Lucene search

[email protected]CVE-2012-5910

HistoryNov 17, 2012 - 9:55 p.m.

CVE-2012-5910

2012-11-1721:55:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

b2evolution 4.1.3

remote authenticated users

execute arbitrary sql commands

nvd

8.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.4%

JSON

SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.

CPENameOperatorVersion
b2evolution:b2evolutionb2evolutioneq4.1.3

CPE	Name	Operator	Version
b2evolution:b2evolution	b2evolution	eq	4.1.3

References

b2evolution.net/news/2012/04/06/b2evolution-4-1-4-stable

osvdb.org/80671

packetstormsecurity.org/files/111294/B2Evolution-CMS-4.1.3-SQL-Injection.html

vulnerability-lab.com/get_content.php?id=482

www.securityfocus.com/bid/52783

exchange.xforce.ibmcloud.com/vulnerabilities/74457

8.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for CVE-2012-5910

prion1 cvelist1