Lucene search

CVE-2012-0973

🗓️ 25 Sep 2012 23:01:55Reported by mitreType

cve🔗 web.nvd.nist.gov👁 31 Views🌐 WEB

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php

Reporter	Title	Published	Views	Family All 5
Prion	Sql injection	25 Sep 201223:55	–	prion
NVD	CVE-2012-0973	25 Sep 201223:55	–	nvd
Cvelist	CVE-2012-0973	25 Sep 201223:00	–	cvelist
htbridge	Multiple vulnerabilities in OSclass	4 Jan 201200:00	–	htbridge
OpenVAS	OSClass < 2.3.5 Multiple Vulnerabilities - Active Check	27 Sep 201200:00	–	openvas

Nvd

Node

osclass osclassRange≤2.3.4

Source	Link
securityfocus	www.securityfocus.com/bid/51662
secunia	www.secunia.com/advisories/47697
osclass	www.osclass.org/2012/01/16/osclass-2-3-5/
github	www.github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f
htbridge	www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html
archives	www.archives.neohapsis.com/archives/bugtraq/2012-01/0157.html

Parameter	Position	Path	Description	CWE
sCategory	query param	/index.php	SQL injection vulnerability through the sCategory parameter.	CWE-89
sCategory	nested	/oc-includes/osclass/helpers/hSearch.php	Improper handling of the sCategory parameter leading to SQL injection.	CWE-89
sCategory	nested	/oc-includes/osclass/model/Category.php	Improper handling of the sCategory parameter leading to SQL injection.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Sep 2012 23:55Current

8.7High risk

Vulners AI Score8.7

CVSS27.5

EPSS0.02257

CWE-89