CVE-2012-4743

Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/81178
http://www.securityfocus.com/bid/53035
http://www.vulnerability-lab.com/get_content.php?id=504
http://archives.neohapsis.com/archives/bugtraq/2012-04/0099.html	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/74916

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:eos.pe:siche_search_module:0.5:*:*:*:*:*:*:*

cpe:2.3:a:zeroboard:zeroboard:-:*:*:*:*:*:*:*

Information

Published : 2012-08-31 15:55

Updated : 2017-08-28 18:32

NVD link : CVE-2012-4743

Mitre link : CVE-2012-4743

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

eos.pe

siche_search_module

zeroboard

zeroboard

7.5 /10