Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-4281
Last Modified 14 Aug 2012 12:00:00
Published 13 Aug 2012 06:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4281

Summary

Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) the id parameter to pages.php, (4) the fid parameter to admin/airline-edit.php, or (5) the cid parameter to admin/customer-edit.php.

Vulnerable Systems

Application

  • Itechscripts Travelon Express 6.2.2


References

XF - travelonexpress-multiple-sql-injection(75540)

MISC - http://www.vulnerability-lab.com/get_content.php?id=530

BID - 53500

OSVDB - 81886

OSVDB - 81885

OSVDB - 81884

OSVDB - 81883

OSVDB - 81882

EXPLOIT-DB - 18871

SECUNIA - 49118


Last Updated: 27 May 2016 10:51:40