Lucene search

[email protected]CVE-2012-0905

HistoryJan 20, 2012 - 5:55 p.m.

CVE-2012-0905

2012-01-2017:55:02

CWE-89

[email protected]

web.nvd.nist.gov

390

cve-2012-0905

sql injection

dev!l'z clanportal

dzcp

gamebase addon

remote attackers

sql commands

index.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

SQL injection vulnerability in deV!L’z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.

Affected configurations

NVD

Node

dev\!l\'sdev\!l\'z_clanportal_gamebase_addon

CPENameOperatorVersion
dev\!l\'s:dev\!l\'z_clanportal_gamebase_addondev!l's dev!l'z clanportal gamebase addoneq*

CPE	Name	Operator	Version
dev\!l\'s:dev\!l\'z_clanportal_gamebase_addon	dev!l's dev!l'z clanportal gamebase addon	eq	*

References

secunia.com/advisories/47563

www.exploit-db.com/exploits/18385

exchange.xforce.ibmcloud.com/vulnerabilities/72452

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for CVE-2012-0905

nvd1 prion1 cvelist1