SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.Referenceshttp://www.securityfocus.com/bid/64943http://osvdb.org/102123http://packetstormsecurity.com/files/124777/Collabtive-1.1-SQL-Injection.htmlhttp://www.exploit-db.com/exploits/30946http://www.collabtive.o-dyn.de/blog/?p=621#more-621http://seclists.org/fulldisclosure/2014/Jan/72
