Lucene search

K

[email protected]NVD:CVE-2012-6290

HistoryMar 11, 2014 - 7:37 p.m.

CVE-2012-6290

2014-03-1119:37:01

CWE-89

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.6%

SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Affected configurations

NVD

Node

imagecmsimagecmsRange≤4.0.0b

References

archives.neohapsis.com/archives/bugtraq/2013-01/0105.html

forum.imagecms.net/viewtopic.php?id=1436

osvdb.org/89513

packetstormsecurity.com/files/119806/ImageCMS-4.0.0b-SQL-Injection.html

secunia.com/advisories/51913

www.securityfocus.com/bid/57545

exchange.xforce.ibmcloud.com/vulnerabilities/81470

www.htbridge.com/advisory/HTB23132

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.6%

Related for NVD:CVE-2012-6290

packetstorm1 htbridge1 seebug2 cvelist2 securityvulns2 prion2 cve2 exploitpack1 exploitdb1 nvd1