Lucene search
HistoryDec 12, 2012 - 11:38 a.m.
CVE-2012-4976
cve-2012-4976
layton helpbox
odbc
database
credentials
disclosure
security vulnerability
6.9 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.0%
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| layton_technology:helpbox | layton technology helpbox | eq | 4.4.0 |
Related
packetstorm
packetstorm
Layton Helpbox 4.4.0 Password Disclosure
2012-10-26 00:00:00
prion
prion
Design/Logic Flaw
2012-12-12 11:38:00
cvelist
cvelist
CVE-2012-4976
2022-10-03 16:15:35
securityvulns
securityvulns
Layton Helpbox 4.4.0 Multiple Security Issues
2012-10-29 00:00:00
6.9 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.0%
Related for CVE-2012-4976