CVE-2011-5183

Bioinformatics Ordersys < 1.6.3 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by muuratsalo · textwebappsphp

https://www.exploit-db.com/exploits/18091

View Code ZIP pw:eip

References (2)

Core 2

Core References

Various Sources x_refsource_confirm

http://www.bioinformatics.org/phplabware/labwiki/index.php?page=release_notes

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18091

Scores

EPSS 0.0100

EPSS Percentile 77.1%

Details

CWE

CWE-89

Status published

Products (6)

bioinformatics/ordersys 1.5.5

bioinformatics/ordersys 1.5.6

bioinformatics/ordersys 1.6

bioinformatics/ordersys 1.6.1

bioinformatics/ordersys 1.6.2

bioinformatics/ordersys < 1.6.3

Published Sep 20, 2012

Tracked Since Feb 18, 2026