Lucene search

[email protected]CVE-2012-5244

HistoryOct 20, 2014 - 2:55 p.m.

CVE-2012-5244

2014-10-2014:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-5244

sql injection

banana dance

remote attackers

arbitrary sql commands

nvd

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.

CPENameOperatorVersion
bananadance:banana_dancebananadance banana danceleb.2.6

CPE	Name	Operator	Version
bananadance:banana_dance	bananadance banana dance	le	b.2.6

References

osvdb.org/88535

osvdb.org/88536

osvdb.org/88537

osvdb.org/88538

www.exploit-db.com/exploits/23573/

exchange.xforce.ibmcloud.com/vulnerabilities/80746

www.htbridge.com/advisory/HTB23118

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2012-5244

prion1 packetstorm1 securityvulns2 htbridge1 exploitpack1 zdt1 exploitdb1