CVE-2011-5039

Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.php	Exploit
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5065.php
http://www.exploit-db.com/exploits/18259	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/71927

Configurations

Configuration 1 (hide)

cpe:2.3:a:infoproject:biznis_heroj:*:*:*:*:*:*:*:*

Information

Published : 2011-12-30 11:55

Updated : 2017-08-28 18:30

NVD link : CVE-2011-5039

Mitre link : CVE-2011-5039

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

infoproject

biznis_heroj

7.5 /10