Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3873

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2012-3873
Last Modified 28 Dec 2012 10:09:50
Published 28 Dec 2012 06:48:44
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-3873

Summary

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php.

Vulnerable Systems

Application

  • Openconstructor Project Openconstructor 3.12.0


References

MISC - http://packetstormsecurity.org/files/115286/Openconstructor-CMS-3.12.0-SQL-Injection.html


Last Updated: 27 May 2016 10:47:22