Lucene search

MitreCVE-2012-6516

HistoryJan 24, 2013 - 1:55 a.m.

CVE-2012-6516

2013-01-2401:55:05

CWE-89

mitre

web.nvd.nist.gov

sql injection

php ticket system

remote attackers

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.001

Percentile

34.1%

JSON

SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.

Affected configurations

Nvd

Node

shawn_bradleyphp_ticket_systemMatch1.0beta

VendorProductVersionCPE
shawn_bradleyphp_ticket_system1.0cpe:2.3:a:shawn_bradley:php_ticket_system:1.0:beta:*:*:*:*:*:*

Vendor	Product	Version	CPE
shawn_bradley	php_ticket_system	1.0	cpe:2.3:a:shawn_bradley:php_ticket_system:1.0:beta::::::

References

archives.neohapsis.com/archives/bugtraq/2012-04/0190.html

www.exploit-db.com/exploits/18778

www.securityfocus.com/bid/53235

exchange.xforce.ibmcloud.com/vulnerabilities/75146

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.001

Percentile

34.1%

JSON

Related for CVE-2012-6516