Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5453

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2012-5453
Last Modified 10 Apr 2013 11:31:51
Published 22 Oct 2012 07:55:10
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-5453

Summary

SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.

Vulnerable Systems

Application

  • Atutor Acontent 1.2


References

MISC - https://www.htbridge.com/advisory/HTB23117

SECUNIA - 51034

BID - 56237

OSVDB - 86424


Last Updated: 27 May 2016 11:01:09