CVE-2012-0805

Sažetak

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.

Reference

http://rhn.redhat.com/errata/RHSA-2012-0369.html
http://secunia.com/advisories/48327
http://secunia.com/advisories/48328
http://secunia.com/advisories/48771
http://www.debian.org/security/2012/dsa-2449
http://www.mandriva.com/security/advisories?name=MDVSA-2012:059
http://www.sqlalchemy.org/changelog/CHANGES_0_7_0
http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/
https://bugs.launchpad.net/keystone/+bug/918608
https://exchange.xforce.ibmcloud.com/vulnerabilities/73756

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-01-2018 - 02:29

Objavljeno

05-06-2012 - 22:55