CVE-2011-2944

🗓️ 12 Aug 2014 20:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 39 Views🌐 WEB

SQL injection vulnerability in MegaLab The Uploader before 2.0.

Reporter	Title	Published	Views	Family All 9
0day.today	The Uploader 2.0.4 (Eng/Ita) Remote File Upload Remote Code Execution	24 Feb 201200:00	–	zdt
ATTACKERKB	CVE-2011-2944	12 Aug 201420:55	–	attackerkb
Cvelist	CVE-2011-2944	12 Aug 201420:00	–	cvelist
Exploit DB	The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit)	23 Feb 201200:00	–	exploitdb
EUVD	EUVD-2011-2912	7 Oct 202500:30	–	euvd
exploitpack	The Uploader 2.0.4 (EnglishItalian) - Arbitrary File Upload Remote Code Execution (Metasploit)	23 Feb 201200:00	–	exploitpack
NVD	CVE-2011-2944	12 Aug 201420:55	–	nvd
Packet Storm	The Uploader 2.0.4 (Eng/Ita) Remote File Upload	24 Feb 201200:00	–	packetstorm
Prion	Sql injection	12 Aug 201420:55	–	prion

NVD

Node

megalab the_uploaderRange≤2.0.4

Source	Link
exploit-db	www.exploit-db.com/exploits/18518
osvdb	www.osvdb.org/79508
packetstormsecurity	www.packetstormsecurity.org/files/110166/The-Uploader-2.0.4-Eng-Ita-Remote-File-Upload.html
sourceforge	www.sourceforge.net/p/theuploader/news/2011/07/the-uploader-205-released
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/73471
securityfocus	www.securityfocus.com/bid/52156
secunia	www.secunia.com/advisories/48141

Parameter	Position	Path	Description	CWE
username	request body	/login.php	SQL injection vulnerability in login.php allowing arbitrary SQL via the username parameter	CWE-89

16 Jun 2026 23:32Current

8.7High risk

Vulners AI Score8.7

CVSS 27.5

EPSS0.02684

cve-2011-2944 sql injection megalab the uploader login.php nvd