Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-0434

Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.

Related bugs and status

CVE-2011-0434 (Candidate) is related to these bugs:

Bug #729700: SQL injections in DTC

		In	Importance	Status
729700	SQL injections in DTC	dtc (Ubuntu)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Karmic)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Lucid)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Maverick)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Natty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [dtcannounce] 20110303...
CONFIRM: http://git.gplhost.com...
CONFIRM: http://git.gplhost.com...
CONFIRM: http://packages.debian...
CONFIRM: http://packages.debian...
DEBIAN: DSA-2179
SECUNIA: 43523
VUPEN: ADV-2011-0556
XF: dtc-cid-sql-injection(...