SQL injection in SUSE studio via select parameter
CVE-2011-0467

8.8HIGH

Key Information:

Vendor: Suse
Status: Suse Studio Onsite; Suse Studio Onsite 1.1 Appliance
Vendor: CVE Published:; 7 June 2018

Summary

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.

Affected Version(s)

SUSE Studio Onsite < 1.0.3-0.18.1

SUSE Studio Onsite 1.1 Appliance < 1.1.2-0.25.1

References

https://bugzilla.suse.com/show_bug.cgi?id=675039

x_refsource_CONFIRM

https://www.suse.com/security/cve/CVE-2011-0467/

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2018
Vulnerability Reserved
Jan 14, 2011

Credit

Matthias Weckbecker of SUSE