Lucene search

MitreCVE-2012-0973

HistorySep 25, 2012 - 11:55 p.m.

CVE-2012-0973

2012-09-2523:55:01

CWE-89

mitre

web.nvd.nist.gov

cve-2012-0973

osclass

sql injection

remote attackers

arbitrary commands

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.005

Percentile

75.6%

JSON

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

osclassosclassRange≤2.3.4

VendorProductVersionCPE
osclassosclass*cpe:2.3:a:osclass:osclass:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
osclass	osclass	*	cpe:2.3:a:osclass:osclass::::::::

References

archives.neohapsis.com/archives/bugtraq/2012-01/0157.html

osclass.org/2012/01/16/osclass-2-3-5/

secunia.com/advisories/47697

www.securityfocus.com/bid/51662

github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73

www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.005

Percentile

75.6%

JSON

Related for CVE-2012-0973