Lucene search

[email protected]CVE-2012-4281

HistoryAug 13, 2012 - 10:55 p.m.

CVE-2012-4281

2012-08-1322:55:02

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-4281

sql injection

travelon express

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.1%

JSON

Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.

Affected configurations

NVD

Node

itechscriptstravelon_expressMatch6.2.2

CPENameOperatorVersion
itechscripts:travelon_expressitechscripts travelon expresseq6.2.2

CPE	Name	Operator	Version
itechscripts:travelon_express	itechscripts travelon express	eq	6.2.2

References

secunia.com/advisories/49118

www.exploit-db.com/exploits/18871

www.osvdb.org/81882

www.osvdb.org/81883

www.osvdb.org/81884

www.osvdb.org/81885

www.osvdb.org/81886

www.securityfocus.com/bid/53500

www.vulnerability-lab.com/get_content.php?id=530

exchange.xforce.ibmcloud.com/vulnerabilities/75540

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2012-4281

prion1 nvd1 cvelist1