Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4638

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-4638
Last Modified 08 Oct 2012 12:00:00
Published 08 Oct 2012 06:47:44
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4638

Summary

Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php.

Vulnerable Systems

Application

  • Spamtitan Webtitan 3.50


References

MISC - http://www.sec-1.com/blog/?p=211


Last Updated: 27 May 2016 11:00:52