Lucene search

MitreCVELIST:CVE-2012-1234

HistoryFeb 21, 2012 - 11:00 a.m.

CVE-2012-1234

2012-02-2111:00:00

mitre

www.cve.org

sql injection

advantech/broadwin webaccess 7.0

remote authenticated users

arbitrary sql commands

malformed url

incomplete fix

cve-2012-0234

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

53.4%

JSON

SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.

References

www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf