CVE-2011-3197

CVSS V2 Medium 6.5 CVSS V3 None
Description
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector.
Overview
  • CVE ID
  • CVE-2011-3197
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2014-03-21T04:38:53
  • Last Modified Date
  • 2014-03-27T21:59:32
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:* 1 OR 0.32.11
cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:gplhost:domain_technologie_control:0.32.7:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:S/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://www.debian.org/security/2011/dsa-2365
http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3
http://www.openwall.com/lists/oss-security/2011/08/24/10
http://www.openwall.com/lists/oss-security/2011/08/13/1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2011-3197
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3197
History
Created Old Value New Value Data Type Notes
2022-05-10 10:35:54 Added to TrackCVE
2022-12-01 22:24:12 2014-03-21T04:38Z 2014-03-21T04:38:53 CVE Published Date updated
2022-12-01 22:24:12 2014-03-27T21:59:32 CVE Modified Date updated
2022-12-01 22:24:12 Analyzed Vulnerability Status updated