Vulnerability Description
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Infoproject | Biznis Heroj | All versions |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/18259Exploit
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.phpExploit
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5065.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71927
- http://www.exploit-db.com/exploits/18259Exploit
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.phpExploit
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5065.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71927
FAQ
What is CVE-2011-5039?
CVE-2011-5039 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filte...
How severe is CVE-2011-5039?
CVE-2011-5039 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-5039?
Check the references section above for vendor advisories and patch information. Affected products include: Infoproject Biznis Heroj.