Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-4672
Last Modified 05 Dec 2011 12:00:00
Published 02 Dec 2011 01:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4672

Summary

Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.

Vulnerable Systems

Application

  • Valid Tiny-erp 1.6


References

XF - validtinyerp-searchfield-sql-injection(71402)

BID - 50732

BUGTRAQ - 20111119 Valid tiny-erp <= 1.6 SQL Injection Vulnerability

EXPLOIT-DB - 18128


Last Updated: 27 May 2016 10:57:49