Lucene search

[email protected]CVE-2012-4258

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4258

2022-10-0316:15:35

CWE-89

[email protected]

web.nvd.nist.gov

cve

2012

4258

sql injection

myre real estate software

remote attackers

arbitrary sql commands

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.9%

JSON

Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.

Affected configurations

NVD

Node

myrephpmyre_real_estate_softwareMatch2012q2

CPENameOperatorVersion
myrephp:myre_real_estate_softwaremyrephp myre real estate softwareeq2012

CPE	Name	Operator	Version
myrephp:myre_real_estate_software	myrephp myre real estate software	eq	2012

References

packetstormsecurity.org/files/112480/MYRE-Real-Estate-Mobile-2012-2-Cross-Site-Scripting-SQL-Injection.html

www.exploit-db.com/exploits/18843

www.securityfocus.com/bid/53394

www.vulnerability-lab.com/get_content.php?id=516

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.9%

JSON

Related for CVE-2012-4258

cvelist1 nvd1 prion1