CVE-2011-0467 – SQL injection in SUSE studio via select parameter
https://notcve.org/view.php?id=CVE-2011-0467
A vulnerability in the listing of available software of SUSE Studio Onsite and SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite versions prior to 1.0.3-0.18.1 and SUSE Studio Onsite 1.1 Appliance versions prior to 1.1.2-0.25.1.
• https://bugzilla.suse.com/show_bug.cgi?id=675039
• https://www.suse.com/security/cve/CVE-2011-0467
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')