CVE-2012-0973
Summary
| CVE | CVE-2012-0973 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-09-25 23:55:00 UTC |
| Updated | 2012-09-26 04:00:00 UTC |
| Description | Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function in oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About Secunia Research \| Flexera | SECUNIA | secunia.com | Vendor Advisory |
| OSClass 2.3.5 · osclass/Osclass@ff7ef8a · GitHub | CONFIRM | github.com | |
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | BUGTRAQ | archives.neohapsis.com | |
| High-Tech Bridge SA - Advisories - Multiple vulnerabilities in OSclass | MISC | www.htbridge.ch | |
| OSClass SQL Injection and Cross Site Scripting Vulnerabilities | BID | www.securityfocus.com | |
| OSClass 2.3.5 \| Blog \| Osclass the free scripts classified \| Professional open source classifieds | CONFIRM | osclass.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.