Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-4927
Last Modified 17 Sep 2012 12:00:00
Published 15 Sep 2012 01:55:08
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4927

Summary

SQL injection vulnerability in Limesurvey (a.k.a. PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.

Vulnerable Systems

Application

  • Limesurvey

  • Limesurvey 1.49

  • Limesurvey 1.49 Rc2

  • Limesurvey 1.5.2

  • Limesurvey 1.52

  • Limesurvey 1.70

  • Limesurvey 1.80

  • Limesurvey 1.80+

  • Limesurvey 1.81

  • Limesurvey 1.81+

  • Limesurvey 1.90+


References

XF - phpsurveyor-index-sql-injection(73395)

BID - 52114

CONFIRM - http://www.limesurvey.org/en/stable-release

EXPLOIT-DB - 18508

SECUNIA - 48051

MISC - http://packetstormsecurity.org/files/110100/limesurvey-sql.txt

OSVDB - 79459

MISC - http://freecode.com/projects/limesurvey/releases/342070


Last Updated: 27 May 2016 11:00:43