Description
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by ViciOuS · textwebappsphp
https://www.exploit-db.com/exploits/14988
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://www.securityfocus.com/bid/43174/exploit
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/14988
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/43174
Scores
EPSS
0.0011
EPSS Percentile
28.4%
Details
CWE
CWE-89
Status
published
Products (1)
intermesh/group-office
3.5.9
Published
Sep 16, 2010
Tracked Since
Feb 18, 2026