← back
CVE-2011-5039

CVE-2011-5039

EPSS 1.1%
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/18259unverifiedexploitdbwww.exploit-db.com/exploits/18259unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/71927http://www.exploit-db.com/exploits/18259http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.phphttp://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5065.php