Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-4951
Last Modified 01 Mar 2013 11:46:27
Published 15 Nov 2012 06:58:40
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4951

Summary

Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.

Vulnerable Systems

Application

  • Verifone Vericentre Web Console 2.0

  • Verifone Vericentre Web Console 2.0.1

  • Verifone Vericentre Web Console 2.2


References

CERT-VN - VU#180091

MISC - http://www.clearskies.net/documents/css-advisory-css1211-vericentre.pdf

BID - 56409

XF - vericentre-paramedit-sql-injection(79832)


Last Updated: 27 May 2016 11:01:58