PT-2012-2189 · Subrion · Subrion Cms

3Psil0Nlambda

Published

2012-10-22

Updated

2013-02-14

CVE-2011-5212

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Subrion CMS version 2.0.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the user name or password field in the admin/index.php file.

Recommendations For Subrion CMS version 2.0.4, consider updating to a newer version that contains a fix for this issue. As a temporary workaround, restrict access to the admin/index.php file to minimize the risk of exploitation. Avoid using the user name and password fields in the affected file until the issue is resolved.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2011-5212

Affected Products

Subrion Cms

PT-2012-2189 · Subrion · Subrion Cms

CVE-2011-5212

Weakness Enumeration

Related Identifiers

Affected Products

References · 8