Main
Vulnerability Database
Exploits
ID:11092 - Exploit for Improper privilege management in orientdb - CVE-2017-11467
ID:11092 - Exploit for Improper privilege management in orientdb - CVE-2017-11467
Published: January 27, 2025
Vulnerability identifier: #VU103313
Vulnerability risk: High
CVE-ID: CVE-2017-11467
CWE-ID: CWE-269
Exploitation vector: Remote access
Vulnerable software:
orientdb
orientdb
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists due to OrientDB does not enforce privilege requirements during "where" or "fetchplan" or "order by" use. A remote attacker can execute arbitrary OS commands via a crafted request.
Remediation
Install updates from vendor's website.