CVE-2018-0607

Description

SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

Affected products

• Cybozu, Inc. / Cybozu Garoon3.5.0 to 4.6.2 – 3.5.0 to 4.6.2

References

• MISChttp://jvn.jp/en/jp/JVN13415512/index.html
• MISChttps://kb.cybozu.support/article/33120/