CVE-2012-0805
Summary
| CVE | CVE-2012-0805 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-06-05 22:55:00 UTC |
| Updated | 2018-01-18 02:29:00 UTC |
| Description | Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sqlalchemy | Sqlalchemy | 0.6.0 | All | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.0 | beta1 | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.0 | beta2 | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.0 | beta3 | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.1 | All | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.2 | All | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.3 | All | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.4 | All | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.5 | All | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.6 | All | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.6.7 | All | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.7.0 | b1 | All | All |
| Application | Sqlalchemy | Sqlalchemy | 0.7.0 | b2 | All | All |
| Application | Sqlalchemy | Sqlalchemy | All | b3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 0.7 Changelog — SQLAlchemy 1.4 Documentation | CONFIRM | www.sqlalchemy.org | |
| Debian -- Security Information -- DSA-2449-1 sqlalchemy | DEBIAN | www.debian.org | |
| Bug #918608 “SQL injection through limit parameter” : Bugs : Keystone | MISC | bugs.launchpad.net | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Security Alerts - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| GitHub - sqlalchemy/sqlalchemy: The Database Toolkit for Python | CONFIRM | www.sqlalchemy.org | Exploit, Patch |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Security Alerts - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Security Alerts - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| mandriva.com | MANDRIVA | www.mandriva.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.