Lucene search
MitreCVELIST:CVE-2012-0973HistorySep 25, 2012 - 11:00 p.m.
CVE-2012-0973
2012-09-2523:00:00
mitre
www.cve.org
5
osclass
sql injection
remote attackers
scategory parameter
index.php
osc_search_category_id
findbyslug function
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.
References
archives.neohapsis.com/archives/bugtraq/2012-01/0157.html
osclass.org/2012/01/16/osclass-2-3-5/
secunia.com/advisories/47697
www.securityfocus.com/bid/51662
github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73
www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html
Related
prion
prion
Sql injection
2012-09-25 23:55:00
cve
cve
CVE-2012-0973
2012-09-25 23:55:01
exploitdb
exploitdb
OSClass 2.3.3 - 'index.php?sCategory' SQL Injection
2012-01-25 00:00:00
nvd
nvd
CVE-2012-0973
2012-09-25 23:55:01
htbridge
htbridge
Multiple vulnerabilities in OSclass
2012-01-04 00:00:00
openvas
openvas
OSClass < 2.3.5 Multiple Vulnerabilities - Active Check
2012-09-27 00:00:00