CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2011-3688

Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.5%

CVSS Severity

CVSS v2 Score 7.5

References

http://securityreason.com/securityalert/8401
http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html
http://securityreason.com/securityalert/8401
http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html

Products affected by CVE-2011-3688

Sonexis » Conferencemanager » Version: 9.3.14.0

cpe:2.3:a:sonexis:conferencemanager:9.3.14.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-3688

Products

Pricing

Contact Us