CVE-2012-5244

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/88535
http://osvdb.org/88536
http://osvdb.org/88537
http://osvdb.org/88538
http://www.exploit-db.com/exploits/23573/	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/80746
https://www.htbridge.com/advisory/HTB23118	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:bananadance:banana_dance:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-10-20 14:55

Updated : 2024-02-28 12:20

NVD link : CVE-2012-5244

Mitre link : CVE-2012-5244

CVE.ORG link : CVE-2012-5244

JSON object : View

Products Affected

bananadance

banana_dance

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2012-5244", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-20T14:55:03.730", "references": [{"url": "http://osvdb.org/88535", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/88536", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/88537", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/88538", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/23573/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80746", "source": "cve@mitre.org"}, {"url": "https://www.htbridge.com/advisory/HTB23118", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Banana Dance B.2.6 y anteriores permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro (1) return, (2) display, (3) table, o (4) search en functions/suggest.php; (5) del par\u00e1metro id en functions/widgets.php, (6) del par\u00e1metro category en functions/print.php; o (7) del par\u00e1metro name en functions/ajax.php."}], "lastModified": "2017-08-29T01:32:33.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bananadance:banana_dance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B64F9313-3CD8-4258-8C67-A659BF1275FA", "versionEndIncluding": "b.2.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}