Vulnerability Description
Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonexis | ConferenceManager | 9.3.14.0 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/8401
- http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.htm (Exploit)
FAQ
What is CVE-2011-3688?
CVE-2011-3688 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer...
How severe is CVE-2011-3688?
CVE-2011-3688 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3688?
Check the references section above for vendor advisories and patch information. Affected products include: Sonexis ConferenceManager.