Arbitrary SQL Command Execution in Domain Technologie Control (DTC)

Arbitrary SQL Command Execution in Domain Technologie Control (DTC)

CVE-2011-5276 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.

Learn more about our User Device Pen Test.