CVE-2012-2105
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/48239
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| peter_kovacs | timesheet_next_gen | 1.5.2 | |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html
- http://secunia.com/advisories/48239
- http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122
- http://www.exploit-db.com/exploits/18554
- http://www.openwall.com/lists/oss-security/2012/04/16/4
- http://www.openwall.com/lists/oss-security/2012/04/16/7
- http://www.osvdb.org/79804
- http://www.securityfocus.com/bid/52270
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73680
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html
- http://secunia.com/advisories/48239
- http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122
- http://www.exploit-db.com/exploits/18554
- http://www.openwall.com/lists/oss-security/2012/04/16/4
- http://www.openwall.com/lists/oss-security/2012/04/16/7
- http://www.osvdb.org/79804
- http://www.securityfocus.com/bid/52270
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73680
CWEs
CWE-89
Verify integrity in audit chain (admin only). AS-IS.