Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2105

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-2105
Last Modified 21 Sep 2012 12:00:00
Published 19 Sep 2012 03:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2105

Summary

Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Vulnerable Systems

Application

  • Peter Kovacs Timesheet Next Gen 1.5.2

  • Timesheet Next Gen 1.5.2


References

XF - timesheetnextgen-login-sql-injection(73680)

BID - 52270

OSVDB - 79804

MLIST - [oss-security] 20120416 Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi

MLIST - [oss-security] 20120416 CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi

EXPLOIT-DB - 18554

MISC - http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122

SECUNIA - 48239

BUGTRAQ - 20120302 Timesheet Next Gen 1.5.2 Multiple SQLi


Last Updated: 27 May 2016 11:00:44