CVE-2013-6930

Name of the Vulnerable Software and Affected Versions Cybozu Garoon versions 2.0.0 through 2.0.6 Cybozu Garoon versions 2.1.0 through 2.1.3 Cybozu Garoon versions 2.5.0 through 2.5.4 Cybozu Garoon versions 3.0.0 through 3.0.3 Cybozu Garoon versions 3.5.0 through 3.5.5 Cybozu Garoon versions 3.7.x before 3.7.3

Description The issue is related to a SQL injection vulnerability in the page-navigation implementation. This allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Recommendations For Cybozu Garoon versions 2.0.0 through 2.0.6, update to a version outside of this range. For Cybozu Garoon versions 2.1.0 through 2.1.3, update to a version outside of this range. For Cybozu Garoon versions 2.5.0 through 2.5.4, update to a version outside of this range. For Cybozu Garoon versions 3.0.0 through 3.0.3, update to a version outside of this range. For Cybozu Garoon versions 3.5.0 through 3.5.5, update to a version outside of this range. For Cybozu Garoon versions 3.7.x before 3.7.3, update to version 3.7.3 or later.