Lucene search

[email protected]CVE-2011-4672

HistoryDec 02, 2011 - 6:55 p.m.

CVE-2011-4672

2011-12-0218:55:02

CWE-89

[email protected]

web.nvd.nist.gov

cve-2011-4672

sql injection

valid tiny-erp 1.6

security vulnerability

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.5%

JSON

Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.

Affected configurations

NVD

Node

validtiny-erpRange≤1.6

CPENameOperatorVersion
valid:tiny-erpvalid tiny-erple1.6

CPE	Name	Operator	Version
valid:tiny-erp	valid tiny-erp	le	1.6

References

seclists.org/fulldisclosure/2011/Nov/303

www.exploit-db.com/exploits/18128

www.securityfocus.com/archive/1/520572/100/0/threaded

www.securityfocus.com/bid/50732

exchange.xforce.ibmcloud.com/vulnerabilities/71402

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.5%

JSON

Related for CVE-2011-4672

prion1 cvelist1 nvd1