Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2011-5230
Last Modified: 06 Nov 2012 12:00:00
Published: 25 Oct 2012 01:55:06
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-5230

Summary

Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.

Vulnerable Systems

Application

  • Seotoaster 1.8.2

  • Seotoaster 1.8.3

  • Seotoaster 1.9


References

XF - seotoaster-loginmodel-sql-injection(71843)

MISC - http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-06.txt

EXPLOIT-DB - 18246

SECUNIA - 46881

OSVDB - 77736


Last Updated: 27 May 2016 11:01:16