Lucene search

[email protected]CVE-2012-1665

HistoryMay 20, 2015 - 6:59 p.m.

CVE-2012-1665

2015-05-2018:59:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2012-1665

sql injection

oscmax

admin panel

remote attackers

arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%

JSON

Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.

Affected configurations

NVD

Node

oscmaxoscmaxRange≤2.5.0

CPENameOperatorVersion
oscmax:oscmaxoscmaxle2.5.0

CPE	Name	Operator	Version
oscmax:oscmax	oscmax	le	2.5.0

References

archives.neohapsis.com/archives/bugtraq/2012-04/0021.html

bugtrack.oscmax.com/view.php?id=1165

www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update

www.osvdb.org/80900

www.osvdb.org/80901

www.osvdb.org/80902

www.htbridge.com/advisory/HTB23081

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2012-1665

cvelist1 nvd1 prion1 securityvulns2 htbridge1 packetstorm1 openvas1