Lucene search

[email protected]CVE-2012-4925

HistorySep 15, 2012 - 5:55 p.m.

CVE-2012-4925

2012-09-1517:55:07

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-4925

sql injection

approve.php

img pals photo host 1.0

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.5%

JSON

Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

imgpalsimg_pals_photo_hostMatch1.0

CPENameOperatorVersion
imgpals:img_pals_photo_hostimgpals img pals photo hosteq1.0

CPE	Name	Operator	Version
imgpals:img_pals_photo_host	imgpals img pals photo host	eq	1.0

References

archives.neohapsis.com/archives/bugtraq/2012-02/0180.html

secunia.com/advisories/48182

www.exploit-db.com/exploits/18544

www.osvdb.org/79670

www.securityfocus.com/bid/52195

exchange.xforce.ibmcloud.com/vulnerabilities/73526

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.5%

JSON

Related for CVE-2012-4925

cvelist1 prion1 nvd1