Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2011-3197
Last Modified: 27 Mar 2014 05:59:32
Published: 21 Mar 2014 12:38:53
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2011-3197

Summary

SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector.

Vulnerable Systems

Application

  • Gplhost Domain Technologie Control 0.24.6

  • Gplhost Domain Technologie Control 0.25.1

  • Gplhost Domain Technologie Control 0.25.2

  • Gplhost Domain Technologie Control 0.25.3

  • Gplhost Domain Technologie Control 0.26.7

  • Gplhost Domain Technologie Control 0.26.8

  • Gplhost Domain Technologie Control 0.26.9

  • Gplhost Domain Technologie Control 0.27.3

  • Gplhost Domain Technologie Control 0.28.10

  • Gplhost Domain Technologie Control 0.28.2

  • Gplhost Domain Technologie Control 0.28.3

  • Gplhost Domain Technologie Control 0.28.4

  • Gplhost Domain Technologie Control 0.28.6

  • Gplhost Domain Technologie Control 0.28.9

  • Gplhost Domain Technologie Control 0.29.1

  • Gplhost Domain Technologie Control 0.29.10

  • Gplhost Domain Technologie Control 0.29.14

  • Gplhost Domain Technologie Control 0.29.15

  • Gplhost Domain Technologie Control 0.29.16

  • Gplhost Domain Technologie Control 0.29.17

  • Gplhost Domain Technologie Control 0.29.6

  • Gplhost Domain Technologie Control 0.29.8

  • Gplhost Domain Technologie Control 0.30.10

  • Gplhost Domain Technologie Control 0.30.18

  • Gplhost Domain Technologie Control 0.30.20

  • Gplhost Domain Technologie Control 0.30.6

  • Gplhost Domain Technologie Control 0.30.8

  • Gplhost Domain Technologie Control 0.32.1

  • Gplhost Domain Technologie Control 0.32.11

  • Gplhost Domain Technologie Control 0.32.2

  • Gplhost Domain Technologie Control 0.32.3

  • Gplhost Domain Technologie Control 0.32.4

  • Gplhost Domain Technologie Control 0.32.5

  • Gplhost Domain Technologie Control 0.32.6

  • Gplhost Domain Technologie Control 0.32.7


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487

MLIST - [oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc

MLIST - [oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc

DEBIAN - DSA-2365

CONFIRM - http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3


Last Updated: 27 May 2016 11:04:46