BASE 'base_qry_main.php' SQL Injection Vulnerability

2012-02-10T00:00:00

Description

BASE is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

{"id": "OPENVAS:1361412562310103414", "type": "openvas", "bulletinFamily": "scanner", "title": "BASE 'base_qry_main.php' SQL Injection Vulnerability", "description": "BASE is prone to an SQL-injection vulnerability because it fails\nto sufficiently sanitize user-supplied data before using it in an\nSQL query.", "published": "2012-02-10T00:00:00", "modified": "2018-09-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103414", "reporter": "This script is Copyright (C) 2012 Greenbone Networks GmbH", "references": ["http://www.securityfocus.com/bid/51874", "http://base.secureideas.net/"], "cvelist": ["CVE-2012-1017"], "lastseen": "2019-05-29T18:38:31", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1017"]}, {"type": "openvas", "idList": ["OPENVAS:103414"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-1017"]}], "rev": 4}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-1017"]}, {"type": "openvas", "idList": ["OPENVAS:103414"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-1017"]}]}, "exploitation": null, "vulnersScore": 0.1}, "pluginID": "1361412562310103414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_base_51874.nasl 11651 2018-09-27 11:53:00Z asteins $\n#\n# BASE 'base_qry_main.php' SQL Injection Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103414\");\n script_bugtraq_id(51874);\n script_cve_id(\"CVE-2012-1017\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 11651 $\");\n\n script_name(\"BASE 'base_qry_main.php' SQL Injection Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/51874\");\n script_xref(name:\"URL\", value:\"http://base.secureideas.net/\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-27 13:53:00 +0200 (Thu, 27 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-10 11:58:03 +0100 (Fri, 10 Feb 2012)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"base_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"BASE/installed\");\n\n script_tag(name:\"summary\", value:\"BASE is prone to an SQL-injection vulnerability because it fails\nto sufficiently sanitize user-supplied data before using it in an\nSQL query.\");\n\n script_tag(name:\"impact\", value:\"Exploiting this issue could allow an attacker to compromise the\napplication, access or modify data, or exploit latent vulnerabilities\nin the underlying database.\");\n\n script_tag(name:\"affected\", value:\"BASE 1.4.5 is vulnerable, other versions may also be affected.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability.\nLikely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = 'cpe:/a:secureideas:base';\n\nif(!port = get_app_port(cpe:CPE))\n exit(0);\n\nif(!vers = get_app_version(cpe:CPE, port:port))\n exit(0);\n\nif(version_is_equal(version:vers, test_version:\"1.4.5\")) {\n security_message(port:port, data:\"The target host was found to be vulnerable\");\n exit(0);\n}\n\nexit(99);\n", "naslFamily": "Web application abuses", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645226634, "score": 1659797217}, "_internal": {"score_hash": "f5cb9697c5ee946b7e6423a40d6fa1a0"}}

{"ubuntucve": [{"lastseen": "2022-08-04T14:31:08", "description": "Multiple SQL injection vulnerabilities in base_qry_main.php in Basic\nAnalysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute\narbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3)\nip_addr[0][9] parameters.", "cvss3": {}, "published": "2012-02-08T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1017", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1017"], "modified": "2012-02-08T00:00:00", "id": "UB:CVE-2012-1017", "href": "https://ubuntu.com/security/CVE-2012-1017", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-28T10:50:42", "description": "BASE is prone to an SQL-injection vulnerability because it fails\nto sufficiently sanitize user-supplied data before using it in an\nSQL query.\n\nExploiting this issue could allow an attacker to compromise the\napplication, access or modify data, or exploit latent vulnerabilities\nin the underlying database.\n\nBASE 1.4.5 is vulnerable; other versions may also be affected.", "cvss3": {}, "published": "2012-02-10T00:00:00", "type": "openvas", "title": "BASE 'base_qry_main.php' SQL Injection Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1017"], "modified": "2017-07-13T00:00:00", "id": "OPENVAS:103414", "href": "http://plugins.openvas.org/nasl.php?oid=103414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_base_51874.nasl 6720 2017-07-13 14:25:27Z cfischer $\n#\n# BASE 'base_qry_main.php' SQL Injection Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"BASE is prone to an SQL-injection vulnerability because it fails\nto sufficiently sanitize user-supplied data before using it in an\nSQL query.\n\nExploiting this issue could allow an attacker to compromise the\napplication, access or modify data, or exploit latent vulnerabilities\nin the underlying database.\n\nBASE 1.4.5 is vulnerable; other versions may also be affected.\";\n\n\nif (description)\n{\n script_id(103414);\n script_bugtraq_id(51874);\n script_cve_id(\"CVE-2012-1017\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version (\"$Revision: 6720 $\");\n\n script_name(\"BASE 'base_qry_main.php' SQL Injection Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/51874\");\n script_xref(name : \"URL\" , value : \"http://base.secureideas.net/\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-13 16:25:27 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-10 11:58:03 +0100 (Fri, 10 Feb 2012)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"base_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"BASE/installed\");\n\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\n\nif(vers = get_version_from_kb(port:port,app:\"BASE\")) {\n\n if(version_is_equal(version: vers, test_version: \"1.4.5\")) {\n security_message(port:port);\n exit(0);\n }\n\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T11:53:15", "description": "Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters.", "cvss3": {}, "published": "2012-02-08T00:55:00", "type": "cve", "title": "CVE-2012-1017", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1017"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:secureideas:base:1.4.5"], "id": "CVE-2012-1017", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1017", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:secureideas:base:1.4.5:*:*:*:*:*:*:*"]}]}

BASE 'base_qry_main.php' SQL Injection Vulnerability

Description

Related