Lucene search

[email protected]CVE-2012-4743

HistoryAug 31, 2012 - 10:55 p.m.

CVE-2012-4743

2012-08-3122:55:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-4743

sql injection

siche search module

zeroboard

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON

Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters.

Affected configurations

NVD

Node

eos.pesiche_search_moduleMatch0.5

AND

zeroboardzeroboardMatch-

CPENameOperatorVersion
eos.pe:siche_search_moduleeos.pe siche search moduleeq0.5

CPE	Name	Operator	Version
eos.pe:siche_search_module	eos.pe siche search module	eq	0.5

References

archives.neohapsis.com/archives/bugtraq/2012-04/0099.html

osvdb.org/81178

www.securityfocus.com/bid/53035

www.vulnerability-lab.com/get_content.php?id=504

exchange.xforce.ibmcloud.com/vulnerabilities/74916

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for CVE-2012-4743

nvd1 cvelist1 prion1