cpe:/a:bioinformatics:ordersys:1.5.5 cpe:/a:bioinformatics:ordersys:1.5.6 cpe:/a:bioinformatics:ordersys:1.6 cpe:/a:bioinformatics:ordersys:1.6.1 cpe:/a:bioinformatics:ordersys:1.6.2 cpe:/a:bioinformatics:ordersys:1.6.3 CVE-2011-5183 2012-09-20T06:55:28.257-04:00 2012-12-17T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-09-20T15:14:00.000-04:00 EXPLOIT-DB 18091 CONFIRM http://www.bioinformatics.org/phplabware/labwiki/index.php?page=release_notes Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.