Lucene search

[email protected]CVE-2012-3820

HistoryAug 14, 2014 - 2:55 p.m.

CVE-2012-3820

2014-08-1414:55:04

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-3820

sql injection

arial software campaign

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

JSON

Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp.

Affected configurations

NVD

Node

arialsoftwarecampaign_enterpriseRange≤11.0.538

CPENameOperatorVersion
arialsoftware:campaign_enterprisearialsoftware campaign enterprisele11.0.538

CPE	Name	Operator	Version
arialsoftware:campaign_enterprise	arialsoftware campaign enterprise	le	11.0.538

References

osvdb.org/86491

osvdb.org/86492

sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html

secunia.com/advisories/50969

exchange.xforce.ibmcloud.com/vulnerabilities/79507

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

JSON

Related for CVE-2012-3820

cvelist1 nvd1 prion1 openvas1 securityvulns1