Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2012-5162
Last Modified: 18 Jan 2013 11:50:21
Published: 25 Sep 2012 08:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-5162

Summary

Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php.

Vulnerable Systems

Application

  • Osclass 2.3.4


References

CONFIRM - https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1

MISC - http://www.codseq.it/advisories/multiple_vulnerabilities_in_osclass

SECUNIA - 47697

CONFIRM - http://osclass.org/2012/01/16/osclass-2-3-5/

XF - osclass-id-sql-injection(78964)


Last Updated: 27 May 2016 11:00:48