Lucene search

[email protected]CVE-2012-1656

HistorySep 18, 2012 - 8:55 p.m.

CVE-2012-1656

2012-09-1820:55:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-1656

sql injection

multisite search module

drupal

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.

Affected configurations

NVD

Node

wesjonesmultisite_searchMatch6.x-2.2

AND

drupaldrupalMatch-

CPENameOperatorVersion
wesjones:multisite_searchwesjones multisite searcheq6.x-2.2

CPE	Name	Operator	Version
wesjones:multisite_search	wesjones multisite search	eq	6.x-2.2

References

drupal.org/node/1471800

www.madirish.net/content/drupal-multisite-search-module-sql-injection-vulnerability

www.openwall.com/lists/oss-security/2012/04/07/1

www.osvdb.org/79857

www.securityfocus.com/bid/52342

exchange.xforce.ibmcloud.com/vulnerabilities/73898

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2012-1656

nvd1 prion1 cvelist1 drupal1