Lucene search

[email protected]NVD:CVE-2011-5259

HistoryFeb 12, 2013 - 8:55 p.m.

CVE-2011-5259

2013-02-1220:55:02

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.005

Percentile

77.2%

JSON

SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

Nvd

Node

orangehrmorangehrmRange≤2.6.11

orangehrmorangehrmMatch2.6.0

orangehrmorangehrmMatch2.6.0.1

orangehrmorangehrmMatch2.6.1

orangehrmorangehrmMatch2.6.2

orangehrmorangehrmMatch2.6.3

orangehrmorangehrmMatch2.6.4

orangehrmorangehrmMatch2.6.5

orangehrmorangehrmMatch2.6.6

orangehrmorangehrmMatch2.6.7

orangehrmorangehrmMatch2.6.8

orangehrmorangehrmMatch2.6.8.1

orangehrmorangehrmMatch2.6.9

orangehrmorangehrmMatch2.6.10

VendorProductVersionCPE
orangehrmorangehrm*cpe:2.3:a:orangehrm:orangehrm:*:*:*:*:*:*:*:*
orangehrmorangehrm2.6.0cpe:2.3:a:orangehrm:orangehrm:2.6.0:*:*:*:*:*:*:*
orangehrmorangehrm2.6.0.1cpe:2.3:a:orangehrm:orangehrm:2.6.0.1:*:*:*:*:*:*:*
orangehrmorangehrm2.6.1cpe:2.3:a:orangehrm:orangehrm:2.6.1:*:*:*:*:*:*:*
orangehrmorangehrm2.6.2cpe:2.3:a:orangehrm:orangehrm:2.6.2:*:*:*:*:*:*:*
orangehrmorangehrm2.6.3cpe:2.3:a:orangehrm:orangehrm:2.6.3:*:*:*:*:*:*:*
orangehrmorangehrm2.6.4cpe:2.3:a:orangehrm:orangehrm:2.6.4:*:*:*:*:*:*:*
orangehrmorangehrm2.6.5cpe:2.3:a:orangehrm:orangehrm:2.6.5:*:*:*:*:*:*:*
orangehrmorangehrm2.6.6cpe:2.3:a:orangehrm:orangehrm:2.6.6:*:*:*:*:*:*:*
orangehrmorangehrm2.6.7cpe:2.3:a:orangehrm:orangehrm:2.6.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
orangehrm	orangehrm	*	cpe:2.3:a:orangehrm:orangehrm::::::::
orangehrm	orangehrm	2.6.0	cpe:2.3:a:orangehrm:orangehrm:2.6.0:::::::*
orangehrm	orangehrm	2.6.0.1	cpe:2.3:a:orangehrm:orangehrm:2.6.0.1:::::::*
orangehrm	orangehrm	2.6.1	cpe:2.3:a:orangehrm:orangehrm:2.6.1:::::::*
orangehrm	orangehrm	2.6.2	cpe:2.3:a:orangehrm:orangehrm:2.6.2:::::::*
orangehrm	orangehrm	2.6.3	cpe:2.3:a:orangehrm:orangehrm:2.6.3:::::::*
orangehrm	orangehrm	2.6.4	cpe:2.3:a:orangehrm:orangehrm:2.6.4:::::::*
orangehrm	orangehrm	2.6.5	cpe:2.3:a:orangehrm:orangehrm:2.6.5:::::::*
orangehrm	orangehrm	2.6.6	cpe:2.3:a:orangehrm:orangehrm:2.6.6:::::::*
orangehrm	orangehrm	2.6.7	cpe:2.3:a:orangehrm:orangehrm:2.6.7:::::::*

Rows per page:

1-10 of 141

References

blog.orangehrm.com/2011/12/09/security-vulnerabilities-fixed-with-orangehrm-26112/

osvdb.org/show/osvdb/77418

secunia.com/advisories/47014

www.securityfocus.com/archive/1/520684/100/0/threaded

www.securityfocus.com/bid/50857

exchange.xforce.ibmcloud.com/vulnerabilities/71569

www.htbridge.ch/advisory/multiple_vulnerabilities_in_orangehrm.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.005

Percentile

77.2%

JSON

Related for NVD:CVE-2011-5259

cvelist1 cve1 exploitdb1 prion1