Lucene search

[email protected]CVE-2012-5167

HistoryOct 22, 2012 - 11:55 p.m.

CVE-2012-5167

2012-10-2223:55:00

CWE-89

[email protected]

web.nvd.nist.gov

atutor acontent

sql injection

vulnerability

remote attackers

nvd

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php.

CPENameOperatorVersion
atutor:acontentatutor acontentle1.2

CPE	Name	Operator	Version
atutor:acontent	atutor acontent	le	1.2

References

archives.neohapsis.com/archives/bugtraq/2012-10/0095.html

osvdb.org/86424

osvdb.org/86425

secunia.com/advisories/51014

secunia.com/advisories/51034

update.atutor.ca/acontent/patch/1_2/

www.securityfocus.com/bid/56100

exchange.xforce.ibmcloud.com/vulnerabilities/79459

exchange.xforce.ibmcloud.com/vulnerabilities/79460

www.htbridge.com/advisory/HTB23117

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2012-5167

prion2 cve1 htbridge1 exploitpack1 packetstorm1 securityvulns2 exploitdb1