Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5039

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-5039
Last Modified 02 Jan 2012 12:00:00
Published 30 Dec 2011 02:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5039

Summary

Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.

Vulnerable Systems

Application

  • Infoproject Biznis Heroj


References

XF - infoproject-multiple-sql-injection(71927)

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5065.php

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.php

EXPLOIT-DB - 18259


Last Updated: 27 May 2016 10:57:18