Lucene search

[email protected]CVE-2011-5276

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-5276

2022-10-0316:15:12

CWE-89

[email protected]

web.nvd.nist.gov

cve-2011-5276

sql injection

drawadmintools_packageinstaller

domain technologie control

dtc

vulnerability

remote authenticated users

arbitrary sql commands

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.7%

JSON

SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.

Affected configurations

NVD

Node

gplhostdomain_technologie_controlRange≤0.32.7

gplhostdomain_technologie_controlMatch0.24.6

gplhostdomain_technologie_controlMatch0.25.1

gplhostdomain_technologie_controlMatch0.25.2

gplhostdomain_technologie_controlMatch0.25.3

gplhostdomain_technologie_controlMatch0.26.7

gplhostdomain_technologie_controlMatch0.26.8

gplhostdomain_technologie_controlMatch0.26.9

gplhostdomain_technologie_controlMatch0.27.3

gplhostdomain_technologie_controlMatch0.28.2

gplhostdomain_technologie_controlMatch0.28.3

gplhostdomain_technologie_controlMatch0.28.4

gplhostdomain_technologie_controlMatch0.28.6

gplhostdomain_technologie_controlMatch0.28.9

gplhostdomain_technologie_controlMatch0.28.10

gplhostdomain_technologie_controlMatch0.29.1

gplhostdomain_technologie_controlMatch0.29.6

gplhostdomain_technologie_controlMatch0.29.8

gplhostdomain_technologie_controlMatch0.29.10

gplhostdomain_technologie_controlMatch0.29.14

gplhostdomain_technologie_controlMatch0.29.15

gplhostdomain_technologie_controlMatch0.29.16

gplhostdomain_technologie_controlMatch0.29.17

gplhostdomain_technologie_controlMatch0.30.6

gplhostdomain_technologie_controlMatch0.30.8

gplhostdomain_technologie_controlMatch0.30.10

gplhostdomain_technologie_controlMatch0.30.18

gplhostdomain_technologie_controlMatch0.30.20

gplhostdomain_technologie_controlMatch0.32.1

gplhostdomain_technologie_controlMatch0.32.2

gplhostdomain_technologie_controlMatch0.32.3

gplhostdomain_technologie_controlMatch0.32.4

gplhostdomain_technologie_controlMatch0.32.5

gplhostdomain_technologie_controlMatch0.32.6

CPENameOperatorVersion
gplhost:domain_technologie_controlgplhost domain technologie controlle0.32.7
gplhost:domain_technologie_controlgplhost domain technologie controleq0.24.6
gplhost:domain_technologie_controlgplhost domain technologie controleq0.25.1
gplhost:domain_technologie_controlgplhost domain technologie controleq0.25.2
gplhost:domain_technologie_controlgplhost domain technologie controleq0.25.3
gplhost:domain_technologie_controlgplhost domain technologie controleq0.26.7
gplhost:domain_technologie_controlgplhost domain technologie controleq0.26.8
gplhost:domain_technologie_controlgplhost domain technologie controleq0.26.9
gplhost:domain_technologie_controlgplhost domain technologie controleq0.27.3
gplhost:domain_technologie_controlgplhost domain technologie controleq0.28.2

CPE	Name	Operator	Version
gplhost:domain_technologie_control	gplhost domain technologie control	le	0.32.7
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.24.6
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.25.1
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.25.2
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.25.3
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.26.7
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.26.8
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.26.9
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.27.3
gplhost:domain_technologie_control	gplhost domain technologie control	eq	0.28.2

Rows per page:

1-10 of 341

References

git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a

git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64

www.debian.org/security/2011/dsa-2365

bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632