SQL Injection in Intelliants Subrion_cms
CVE-2012-4772
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.
Vulnerability class: SQL Injection
EPSS: 0.022 (84.6th percentile) — read the EPSS interpretation.
Affected products
- Intelliants Subrion_cms — versions 2.0.4, 2.2.0, 2.2.1
- N/a — versions n/a
Weakness classification (CWE)
References
- 20121017 Multiple vulnerabilities in Subrion CMS (mailing-list, Exploit, x_refsource_BUGTRAQ)
- cve@mitre.org (Exploit, x_refsource_MISC)
- subrioncms-planid-sql-injection(79466) (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 51013 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)