PT-2011-3473 · Enspire · Enspire Distribution Management Solution+1

Alastair Gray

Published

2011-11-01

Updated

2012-02-29

CVE-2011-1915

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Enspire Distribution Management Solution version 7.3.2.7 eClient version 7.3.2.3

Description The issue allows remote attackers to execute arbitrary SQL commands.

Recommendations For Enspire Distribution Management Solution version 7.3.2.7, update to a version that fixes the SQL injection issue. For eClient version 7.3.2.3, consider restricting access to sensitive SQL commands until a patch is available.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2011-1915

Affected Products

Enspire Distribution Management Solution

Eclient

PT-2011-3473 · Enspire · Enspire Distribution Management Solution+1

CVE-2011-1915

Weakness Enumeration

Related Identifiers

Affected Products

References · 3