Lucene search
Copyright (C) 2012 Greenbone AGOPENVAS:1361412562310103414HistoryFeb 10, 2012 - 12:00 a.m.
BASE 'base_qry_main.php' SQL Injection Vulnerability
2012-02-1000:00:00
Copyright (C) 2012 Greenbone AG
plugins.openvas.org
10
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
26.8%
BASE is prone to an SQL-injection vulnerability because it fails
to sufficiently sanitize user-supplied data before using it in an
SQL query.
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:secureideas:base";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103414");
script_cve_id("CVE-2012-1017");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_version("2024-03-04T14:37:58+0000");
script_name("BASE 'base_qry_main.php' SQL Injection Vulnerability");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51874");
script_tag(name:"last_modification", value:"2024-03-04 14:37:58 +0000 (Mon, 04 Mar 2024)");
script_tag(name:"creation_date", value:"2012-02-10 11:58:03 +0100 (Fri, 10 Feb 2012)");
script_tag(name:"qod_type", value:"remote_banner");
script_category(ACT_GATHER_INFO);
script_family("Web application abuses");
script_copyright("Copyright (C) 2012 Greenbone AG");
script_dependencies("base_detect.nasl");
script_mandatory_keys("BASE/installed");
script_tag(name:"summary", value:"BASE is prone to an SQL-injection vulnerability because it fails
to sufficiently sanitize user-supplied data before using it in an
SQL query.");
script_tag(name:"impact", value:"Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities
in the underlying database.");
script_tag(name:"affected", value:"BASE 1.4.5 is vulnerable, other versions may also be affected.");
script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.");
script_tag(name:"solution_type", value:"WillNotFix");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!port = get_app_port(cpe:CPE))
exit(0);
if(!vers = get_app_version(cpe:CPE, port:port))
exit(0);
if(version_is_equal(version:vers, test_version:"1.4.5")) {
report = report_fixed_ver(installed_version:vers, fixed_version:"None");
security_message(port:port, data:report);
exit(0);
}
exit(0);
References
Related
openvas
openvas
BASE 'base_qry_main.php' SQL Injection Vulnerability
2012-02-10 00:00:00
cve
cve
CVE-2012-1017
2012-02-08 00:55:00
prion
prion
Sql injection
2012-02-08 00:55:00
ubuntucve
ubuntucve
CVE-2012-1017
2012-02-08 00:00:00
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
26.8%
Related for OPENVAS:1361412562310103414