CVE-2011-0467

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.

Published: Jun 7, 2018
Updated: Nov 8, 2023
CVE: CVE-2011-0467
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
suse / studio_onsite_appliance	-	1.1.2-0.25.1
suse / studio_onsite	-	1.0.3-0.18.1

https://bugzilla.suse.com/show_bug.cgi?id=675039
https://www.suse.com/security/cve/CVE-2011-0467/

Vulnerability Database

289,599

CVE-2011-0467