CVE-2012-0973 in OSClassinfo

Summary

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

02/01/2012

Disclosure

09/25/2012

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
62435OSClass index.php findBySlug sql injection89Proof-of-ConceptOfficial fixCVE-2012-0973

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!