Lucene search

K
cveMitreCVE-2012-4996
HistorySep 19, 2012 - 7:55 p.m.

CVE-2012-4996

2012-09-1919:55:07
CWE-89
mitre
web.nvd.nist.gov
21
cve-2012-4996
rivettracker
sql injection
remote execution
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.004

Percentile

72.3%

Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php.

Affected configurations

Nvd
Node
rivetcoderivettrackerRange1.03
OR
rivetcoderivettrackerMatch0.1
OR
rivetcoderivettrackerMatch0.8
VendorProductVersionCPE
rivetcoderivettracker*cpe:2.3:a:rivetcode:rivettracker:*:*:*:*:*:*:*:*
rivetcoderivettracker0.1cpe:2.3:a:rivetcode:rivettracker:0.1:*:*:*:*:*:*:*
rivetcoderivettracker0.8cpe:2.3:a:rivetcode:rivettracker:0.8:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.004

Percentile

72.3%

Related for CVE-2012-4996