CVE-2011-0467

CWE-89SQL Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.3%
top 48.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Suse Suse Studio OnsiteSuse Suse Studio Onsite 1.1 ApplianceSuse Studio Onsite+1 more
Timeline
PublishedJun 7
Latest updateMay 13

Description

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDsuse/studio_onsite_appliance< 1.1.2-0.25.1
CVEListV5suse/suse_studio_onsite_1.1_applianceunspecified1.1.2-0.25.1
NVDsuse/studio_onsite< 1.0.3-0.18.1
CVEListV5suse/suse_studio_onsiteunspecified1.0.3-0.18.1

🔴Vulnerability Details

2
GHSA
GHSA-949h-c8q7-ffm5: A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 12022-05-13
CVEList
SQL injection in SUSE studio via select parameter2018-06-07

💬Community

1
Bugzilla
CVE-2008-5299 chm2pdf insecure temporary file symlink flaw2008-12-03
CVE-2011-0467 (HIGH CVSS 8.8) | A vulnerability in the listing of a | cvebase.io