CVE-2012-5244

Sažetak

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.

Reference

http://osvdb.org/88535
http://osvdb.org/88536
http://osvdb.org/88537
http://osvdb.org/88538
http://www.exploit-db.com/exploits/23573/
https://exchange.xforce.ibmcloud.com/vulnerabilities/80746
https://www.htbridge.com/advisory/HTB23118

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:32

Objavljeno

20-10-2014 - 14:55