CVE-2011-0467
HIGH
SUSE Studio Onsite < 1.0.3-0.18.1 and SUSE Studio Onsite Appliance < 1.1.2-0.25.1 - Authenticated SQL Injection
Title source: llmDescription
A vulnerability in the listing of available software of SUSE Studio Onsite and SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite versions prior to 1.0.3-0.18.1 and SUSE Studio Onsite 1.1 Appliance versions prior to 1.1.2-0.25.1.
References (2)
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=675039
Various Sources x_refsource_confirm
https://www.suse.com/security/cve/CVE-2011-0467/
Scores
CVSS v3
8.8
EPSS
0.0028
EPSS Percentile
51.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (2)
suse/studio_onsite
< 1.0.3-0.18.1
suse/studio_onsite_appliance
< 1.1.2-0.25.1
Published
Jun 07, 2018
Tracked Since
Feb 18, 2026