CVE-2011-4970

Multiple SQL injection vulnerabilities affect LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM. The issues enable remote attackers to execute arbitrary SQL commands via numerous parameters (e.g., dpm_get_pending_req_by_token, dpm_get_cpr_by_fullid, dpm_insert_cpr_entry, dpm_update_spc...