← back
CVE-2011-0467

SQL injection in SUSE studio via select parameter

CVSS 8.8 HIGHEPSS 1.3%CWE-89
A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
SUSE · SUSE Studio OnsiteSUSE · SUSE Studio Onsite 1.1 Appliance

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.suse.com/show_bug.cgi?id=675039https://www.suse.com/security/cve/CVE-2011-0467/