Lucene search

MitreCVE-2012-6507

HistoryJan 24, 2013 - 1:55 a.m.

CVE-2012-6507

2013-01-2401:55:04

CWE-89

mitre

web.nvd.nist.gov

cve

2012

6507

sql injection

vulnerabilities

admin.php

churchcms 0.0.1

remote attackers

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.001

Percentile

51.0%

JSON

Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action.

Affected configurations

Nvd

Node

jason_sexauerchurchcmsMatch0.0.1

VendorProductVersionCPE
jason_sexauerchurchcms0.0.1cpe:2.3:a:jason_sexauer:churchcms:0.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jason_sexauer	churchcms	0.0.1	cpe:2.3:a:jason_sexauer:churchcms:0.0.1:::::::*

References

archives.neohapsis.com/archives/bugtraq/2012-04/0178.html

packetstormsecurity.org/files/112106/ChurchCMS-0.0.1-SQL-Injection.html

www.securityfocus.com/bid/53209

exchange.xforce.ibmcloud.com/vulnerabilities/75110

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.001

Percentile

51.0%

JSON

Related for CVE-2012-6507