CVE-2012-1665 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oscmax	Oscmax

Configuration 1 [-]

cpe:2.3:a:oscmax:oscmax:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html
http://bugtrack.oscmax.com/view.php?id=1165
http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update
http://www.osvdb.org/80900
http://www.osvdb.org/80901
http://www.osvdb.org/80902
https://www.htbridge.com/advisory/HTB23081

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-05-20T18:00:00

Updated: 2024-08-06T19:01:02.941Z

Reserved: 2012-03-14T00:00:00

Link: CVE-2012-1665

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-05-20T18:59:01.527

Modified: 2024-11-21T01:37:25.290

Link: CVE-2012-1665

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-20T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.com/advisory/HTB23081"}, {"name": "80901", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/80901"}, {"name": "20120404 Multiple vulnerabilities in osCmax", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugtrack.oscmax.com/view.php?id=1165"}, {"name": "80902", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/80902"}, {"name": "80900", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/80900"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1665", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.htbridge.com/advisory/HTB23081", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23081"}, {"name": "80901", "refsource": "OSVDB", "url": "http://www.osvdb.org/80901"}, {"name": "20120404 Multiple vulnerabilities in osCmax", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html"}, {"name": "http://bugtrack.oscmax.com/view.php?id=1165", "refsource": "CONFIRM", "url": "http://bugtrack.oscmax.com/view.php?id=1165"}, {"name": "80902", "refsource": "OSVDB", "url": "http://www.osvdb.org/80902"}, {"name": "80900", "refsource": "OSVDB", "url": "http://www.osvdb.org/80900"}, {"name": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update", "refsource": "CONFIRM", "url": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:01:02.941Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.htbridge.com/advisory/HTB23081"}, {"name": "80901", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/80901"}, {"name": "20120404 Multiple vulnerabilities in osCmax", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugtrack.oscmax.com/view.php?id=1165"}, {"name": "80902", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/80902"}, {"name": "80900", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/80900"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1665", "datePublished": "2015-05-20T18:00:00", "dateReserved": "2012-03-14T00:00:00", "dateUpdated": "2024-08-06T19:01:02.941Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oscmax:oscmax:*:*:*:*:*:*:*:*", "matchCriteriaId": "059EE7FB-F49C-4457-BE7E-E04903006A89", "versionEndIncluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el panel de administraci\u00f3n en osCMax anterior a 2.5.1 permiten a (1) atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro username en una acci\u00f3n de procesos en admin/login.php o (2) administradores remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro status en admin/stats_monthly_sales.php o (3) del par\u00e1metro country en una acci\u00f3n de procesos en admin/create_account_process.php."}], "id": "CVE-2012-1665", "lastModified": "2024-11-21T01:37:25.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-20T18:59:01.527", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html"}, {"source": "cve@mitre.org", "url": "http://bugtrack.oscmax.com/view.php?id=1165"}, {"source": "cve@mitre.org", "url": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/80900"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/80901"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/80902"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.htbridge.com/advisory/HTB23081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugtrack.oscmax.com/view.php?id=1165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/80900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/80901"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/80902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.htbridge.com/advisory/HTB23081"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}