CVE-2014-9528

Name of the Vulnerable Software and Affected Versions HumHub versions 0.10.0-rc.1 and earlier

Description The issue allows remote authenticated users to execute arbitrary SQL commands via the from parameter to "index.php". This can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.

Recommendations For HumHub versions 0.10.0-rc.1 and earlier, consider restricting access to the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the from parameter in the affected endpoint to minimize the risk of exploitation.