Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1722

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-1722
Last Modified 02 May 2011 12:00:00
Published 19 Apr 2011 03:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1722

Summary

Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.

Vulnerable Systems

Application

  • Webempoweredchurch Wec Discussion 1.6.0

  • Webempoweredchurch Wec Discussion 1.6.1

  • Webempoweredchurch Wec Discussion 1.6.2

  • Webempoweredchurch Wec Discussion 1.6.3

  • Webempoweredchurch Wec Discussion 1.7.0

  • Webempoweredchurch Wec Discussion 2.0.1

  • Webempoweredchurch Wec Discussion 2.0.2

  • Webempoweredchurch Wec Discussion 2.0.3

  • Webempoweredchurch Wec Discussion 2.0.4

  • Webempoweredchurch Wec Discussion 2.1.0


References

XF - wecdiscussionforum-multiple-sql-injection(66619)

VUPEN - ADV-2011-0896

BID - 47257

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/

CONFIRM - http://typo3.org/extensions/repository/view/wec_discussion/2.1.1/

SECUNIA - 44055

OSVDB - 71674


Last Updated: 27 May 2016 10:56:24