Lucene search

Ubuntu.comUB:CVE-2012-1225

HistoryFeb 21, 2012 - 12:00 a.m.

CVE-2012-1225

2012-02-2100:00:00

ubuntu.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and
earlier allow remote authenticated users to execute arbitrary SQL commands
via the (1) memberslist parameter (aka Member List) in list.php or (2)
rowid parameter to adherents/fiche.php.

References

launchpad.net/bugs/cve/CVE-2012-1225

nvd.nist.gov/vuln/detail/CVE-2012-1225

security-tracker.debian.org/tracker/CVE-2012-1225

www.cve.org/CVERecord?id=CVE-2012-1225

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for UB:CVE-2012-1225