CVE-2012-2105

Опубликовано: 19 сент. 2012

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html
Exploit
http://secunia.com/advisories/48239
Vendor Advisory
http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122
http://www.exploit-db.com/exploits/18554
Exploit
http://www.openwall.com/lists/oss-security/2012/04/16/4
http://www.openwall.com/lists/oss-security/2012/04/16/7
http://www.osvdb.org/79804
http://www.securityfocus.com/bid/52270
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/73680
http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html
Exploit
http://secunia.com/advisories/48239
Vendor Advisory
http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122
http://www.exploit-db.com/exploits/18554
Exploit
http://www.openwall.com/lists/oss-security/2012/04/16/4
http://www.openwall.com/lists/oss-security/2012/04/16/7
http://www.osvdb.org/79804
http://www.securityfocus.com/bid/52270
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/73680

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:peter_kovacs:timesheet_next_gen:1.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00462

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-vhrq-rr5q-mpp9

github

больше 3 лет назад