CVE-2012-4927

Published Sep 15, 2012

Last updated 7 years ago

Overview

Description: SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52B9D974-86CD-42C7-8A5C-BBB5CAB5D1AE"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1090CD13-D3D6-4F95-8D1C-4EECFB86D3A3",
            "versionEndIncluding": "1.90\\+"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CCACC4D-469E-430A-8F86-7AB988D312B0"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47F08F65-3E66-48BE-845B-4FD12A720798"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.49:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2A35E33-BD54-4E5F-8E48-F79FF7B033CC"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.49_rc2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21CECABD-6E72-4534-939C-00E676B3A432"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.52:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEA28520-E888-4A29-8D02-E63E810C7683"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.70:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD3B6B55-FA56-4AA5-BB1D-505C8EF27BF4"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.80:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FED3FCC-EF18-4C93-B0ED-71D49B2B3EAD"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.80:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F17F04CC-4044-4A48-880B-9A946F3BB283"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.80\\+:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97967070-D35E-4F10-A86A-12F9CF284ED3"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DA98BBD-2A40-42EA-A26D-05C2F7FFCAB8"
          },
          {
            "criteria": "cpe:2.3:a:limesurvey:limesurvey:1.81\\+:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC4D779A-A8AE-4170-8FAF-B443AD431D7F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References