Description
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
Exploits (1)
References (4)
Core References
Third Party Advisory x_refsource_misc
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5065.php
Exploit x_refsource_misc
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5064.php
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18259
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71927
Scores
EPSS: 0.0077
EPSS Percentile: 73.7%
Details
CWE: CWE-89
Status: published
Products (1): infoproject/biznis_heroj
Published: Dec 30, 2011
Tracked Since: Feb 18, 2026