Lucene search

[email protected]CVE-2012-5098

HistorySep 23, 2012 - 5:55 p.m.

CVE-2012-5098

2012-09-2317:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-5098

sql injection

php-x-links

security vulnerability

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.5%

JSON

Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.

CPENameOperatorVersion
j_waite:php-x-linksj waite php-x-linkseq0.1
j_waite:php-x-linksj waite php-x-linkseq1.0

CPE	Name	Operator	Version
j_waite:php-x-links	j waite php-x-links	eq	0.1
j_waite:php-x-links	j waite php-x-links	eq	1.0

References

www.exploit-db.com/exploits/18298

www.securityfocus.com/bid/51223

exchange.xforce.ibmcloud.com/vulnerabilities/72066

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for CVE-2012-5098

prion1 cvelist1