Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3988

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-3988
Last Modified 14 May 2012 12:00:00
Published 21 Oct 2011 02:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3988

Summary

SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Vulnerable Systems

Application

  • Lockon Ec-cube 2.11.0

  • Lockon Ec-cube 2.11.1

  • Lockon Ec-cube 2.11.2


References

CONFIRM - http://www.ec-cube.net/release/detail.php?release_id=286

CONFIRM - http://www.ec-cube.net/info/weakness/weakness.php?id=38

CONFIRM - http://svn.ec-cube.net/open_trac/ticket/1502

XF - eccube-scquery-sql-injection(70625)

BID - 50140

SECUNIA - 46446

OSVDB - 76399

JVNDB - JVNDB-2011-000087

JVN - JVN#44496332


Last Updated: 27 May 2016 10:57:48