CVE-2011-293612.11.2019, 14:15Elgg through 1.7.10 has a SQL injection vulnerabilitySQL InjectionEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST9.8 CRITICALNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HredhatCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 54%VendorProductVersionelggelgg𝑥≤ 1.7.10𝑥= Vulnerable software versionsKnown Exploits!https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilitieshttps://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilitiesCommon Weakness EnumerationCWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.Referenceshttps://access.redhat.com/security/cve/cve-2011-2936https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilitieshttps://security-tracker.debian.org/tracker/CVE-2011-2936https://access.redhat.com/security/cve/cve-2011-2936https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilitieshttps://security-tracker.debian.org/tracker/CVE-2011-2936