SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| taskfreak | taskfreak! | 0.5.4 |
| taskfreak | taskfreak! | 0.1.4 |
| taskfreak | taskfreak! | 0.1.2 |
| taskfreak | taskfreak! | 0.4.0 |
| taskfreak | taskfreak! | 0.4.1 |
| taskfreak | taskfreak! | 0.5.0 |
| taskfreak | taskfreak! | 0.4.2 |
| taskfreak | taskfreak! | 0.5.6 |
| taskfreak | taskfreak! | 0.5.3 |
| taskfreak | taskfreak! | 0.6.1 |
| tirzen | tirzen_framework | 1.5 |
| taskfreak | taskfreak! | * |
| taskfreak | taskfreak! | 0.5.5 |
| taskfreak | taskfreak! | 0.1 |
| taskfreak | taskfreak! | 0.5.7 |
| taskfreak | taskfreak! | 0.5.2 |
| taskfreak | taskfreak! | 0.1.3 |
| taskfreak | taskfreak! | 0.6.0 |
| taskfreak | taskfreak! | 0.5.1 |