CVE-2012-4743

Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-04/0099.html	Exploit
http://osvdb.org/81178
http://www.securityfocus.com/bid/53035
http://www.vulnerability-lab.com/get_content.php?id=504
https://exchange.xforce.ibmcloud.com/vulnerabilities/74916

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:eos.pe:siche_search_module:0.5:*:*:*:*:*:*:*

cpe:2.3:a:zeroboard:zeroboard:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-08-31 22:55

Updated : 2017-08-29 01:32

NVD link : CVE-2012-4743

Mitre link : CVE-2012-4743

CVE.ORG link : CVE-2012-4743

JSON object : View

Products Affected

eos.pe

siche_search_module

zeroboard

zeroboard

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2012-4743", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-31T22:55:01.887", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0099.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/81178", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/53035", "source": "cve@mitre.org"}, {"url": "http://www.vulnerability-lab.com/get_content.php?id=504", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74916", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en ssearch.php de Siche search module v0.5 para Zeroboard permite que atacantes remotos ejecuten comandos SQL a trav\u00e9s de los par\u00e1metros (1) ss, (2) sm, (3) align, o (4) category."}], "lastModified": "2017-08-29T01:32:21.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eos.pe:siche_search_module:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "815CEBC7-18A7-466D-94D4-0493B5D05645"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zeroboard:zeroboard:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "575FAC6D-3B24-449F-BBC3-E4019F922202"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}