CVE-2011-0467 HIGH

CVE-2011-0467: SQL injection in SUSE studio via select parameter

Vendor Suse
Product SUSE Studio Onsite
Weakness CWE-89 · SQLi
Published June 7, 2018
Last update September 17, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.

Key dates

02Disclosure timeline

June 7, 2018 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-5373 PHPGurukul Online Birth Certificate System users-applications.php sql injection CVE-2023-0910 SourceCodester Online Pizza Ordering System GET Parameter view_prod.php sql injection CVE-2023-2363 SourceCodester Resort Reservation System view_room.php sql injection CVE-2024-41702 SiberianCMS – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CVE-2025-4070 PHPGurukul Rail Pass Management System changeimage.php sql injection