Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5290

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-5290
Last Modified 05 Oct 2012 12:00:00
Published 04 Oct 2012 12:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5290

Summary

Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php.

Vulnerable Systems

Application

  • Wcs4web Easywebrealestate -


References

XF - easyweb-listings-index-sql-injection(72148)

MISC - http://packetstormsecurity.org/files/108342/EasyWebRealEstate-Blind-SQL-Injection.html


Last Updated: 27 May 2016 11:00:52