CVE-2011-4970

{"id": "CVE-2011-4970", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-13T14:55:07.720", "references": [{"url": "http://blog.pi3.com.pl/?p=402", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52487", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://site.pi3.com.pl/adv/disk_pool_manager_1.txt", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/03/10/1", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/03/12/1", "source": "secalert@redhat.com"}, {"url": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en LCG Disk Pool Manager (DPM) anterior a versi\u00f3n 1.8.6, tal y como es usada en EGI UDM, permiten a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de la (1) variable r_token en la funci\u00f3n dpm_get_pending_req_by_token, (2) dpm_get_ cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_in_in_cpr , (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, o (17) dpm_list_pfr_entry; la (18) variable surl en la funci\u00f3n dpm_get_cpr_by_surl; la (19) variable to_surl en la funci\u00f3n dpm_get_cpr_by_surls; la (20) variable u_token en la funci\u00f3n dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry o (25) dpm_insert_xferreq_entry; la (26) variable s_token en la funci\u00f3n dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, o (33) dpm_update_pfr_entry; o administradores remotos para ejecutar comandos SQL arbitrarios por medio de la (34) variable poolname en la funci\u00f3n dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry o (39) dpm_update_spcmd_entry."}], "lastModified": "2014-05-16T03:58:56.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:disk_pool_manager_project:disk_pool_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F558F24-C57B-4279-B960-712F5F655477", "versionEndIncluding": "1.8.1"}, {"criteria": "cpe:2.3:a:disk_pool_manager_project:disk_pool_manager:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34424BEC-213B-4AEC-BA48-861DA333F5DB"}, {"criteria": "cpe:2.3:a:disk_pool_manager_project:disk_pool_manager:1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "309CB329-788A-484C-92B5-7F78619BFB38"}, {"criteria": "cpe:2.3:a:disk_pool_manager_project:disk_pool_manager:1.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "051AC9C3-13F5-46C8-9E71-64EF3124B076"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}