Lucene search

PRIOn knowledge basePRION:CVE-2012-2937

HistoryMay 27, 2012 - 8:55 p.m.

Sql injection

2012-05-2720:55:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module.

CPENameOperatorVersion
pligg_cmseq1.1.3
pligg_cmseq1.0.0 rc3
pligg_cmseq1.1.0
pligg_cmsle1.2.1
pligg_cmseq1.0.1
pligg_cmseq9.5
pligg_cmseq1.0.0 rc2
pligg_cmseq1.0.0
pligg_cmseq1.2.0
pligg_cmseq1.1.5

Name	Operator	Version
pligg_cms	eq	1.1.3
pligg_cms	eq	1.0.0 rc3
pligg_cms	eq	1.1.0
pligg_cms	le	1.2.1
pligg_cms	eq	1.0.1
pligg_cms	eq	9.5
pligg_cms	eq	1.0.0 rc2
pligg_cms	eq	1.0.0
pligg_cms	eq	1.2.0
pligg_cms	eq	1.1.5

Rows per page:

1-10 of 231

References

forums.pligg.com/downloads.php?do=file&id=15

osvdb.org/82048

osvdb.org/82049

osvdb.org/82050

pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461

secunia.com/advisories/45431

secunia.com/secunia_research/2012-19/

www.securityfocus.com/bid/53625

exchange.xforce.ibmcloud.com/vulnerabilities/75765