CVE-2011-3197

🗓️ 20 Mar 2014 19:00:00Reported by redhatType

cve🔗 web.nvd.nist.gov👁 57 Views🌐 WEB

SQL injection vulnerability in DTC before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via addrlink parameter to domain_info.php

Reporter	Title	Published	Views	Family All 14
Cvelist	CVE-2011-3197	20 Mar 201419:00	–	cvelist
Debian	[SECURITY] [DSA 2365-1] dtc security update	18 Dec 201120:31	–	debian
Tenable Nessus	Debian DSA-2365-1 : dtc - several vulnerabilities	12 Jan 201200:00	–	nessus
EUVD	EUVD-2011-3161	7 Oct 202500:30	–	euvd
NVD	CVE-2011-3197	21 Mar 201404:38	–	nvd
OpenVAS	Debian: Security Advisory (DSA-2365-1)	11 Feb 201200:00	–	openvas
OpenVAS	Debian Security Advisory DSA 2365-1 (dtc)	11 Feb 201200:00	–	openvas
OSV	DSA-2365-1 dtc - several	18 Dec 201100:00	–	osv
Prion	Sql injection	21 Mar 201404:38	–	prion
Prion	Sql injection	21 Mar 201404:38	–	prion

NVD

Node

gplhost domain_technologie_controlRange≤0.32.11

gplhost domain_technologie_controlMatch0.24.6

gplhost domain_technologie_controlMatch0.25.1

gplhost domain_technologie_controlMatch0.25.2

gplhost domain_technologie_controlMatch0.25.3

gplhost domain_technologie_controlMatch0.26.7

gplhost domain_technologie_controlMatch0.26.8

gplhost domain_technologie_controlMatch0.26.9

gplhost domain_technologie_controlMatch0.27.3

gplhost domain_technologie_controlMatch0.28.2

gplhost domain_technologie_controlMatch0.28.3

gplhost domain_technologie_controlMatch0.28.4

gplhost domain_technologie_controlMatch0.28.6

gplhost domain_technologie_controlMatch0.28.9

gplhost domain_technologie_controlMatch0.28.10

gplhost domain_technologie_controlMatch0.29.1

gplhost domain_technologie_controlMatch0.29.6

gplhost domain_technologie_controlMatch0.29.8

gplhost domain_technologie_controlMatch0.29.10

gplhost domain_technologie_controlMatch0.29.14

gplhost domain_technologie_controlMatch0.29.15

gplhost domain_technologie_controlMatch0.29.16

gplhost domain_technologie_controlMatch0.29.17

gplhost domain_technologie_controlMatch0.30.6

gplhost domain_technologie_controlMatch0.30.8

gplhost domain_technologie_controlMatch0.30.10

gplhost domain_technologie_controlMatch0.30.18

gplhost domain_technologie_controlMatch0.30.20

gplhost domain_technologie_controlMatch0.32.1

gplhost domain_technologie_controlMatch0.32.2

gplhost domain_technologie_controlMatch0.32.3

gplhost domain_technologie_controlMatch0.32.4

gplhost domain_technologie_controlMatch0.32.5

gplhost domain_technologie_controlMatch0.32.6

gplhost domain_technologie_controlMatch0.32.7

Source	Link
openwall	www.openwall.com/lists/oss-security/2011/08/24/10
git	www.git.gplhost.com/gitweb/
openwall	www.openwall.com/lists/oss-security/2011/08/13/1
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
debian	www.debian.org/security/2011/dsa-2365

Parameter	Position	Path	Description	CWE
addrlink	query param	shared/inc/forms/domain_info.php	SQL injection via addrlink parameter leading to arbitrary SQL execution.	CWE-89
vps_note	request body	dtcadmin/logPushlet.php	SQL injection via vps_note parameter.	CWE-89

16 Jun 2026 23:32Current

7.9High risk

Vulners AI Score7.9

CVSS 26.5

EPSS0.01169

CWE-89