CVE

Id
58610  
CVE No.
CVE-2012-5367  
Status
Candidate  
Description
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.  
Phase
Assigned (20121010)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
600561 58610 CVE-2012-5367 BUGTRAQ:20121105 SQL Injection Vulnerability in OrangeHRM  View
600562 58610 CVE-2012-5367 URL:http://archives.neohapsis.com/archives/bugtraq/2012-11/0029.html  View
600563 58610 CVE-2012-5367 MISC:https://www.htbridge.com/advisory/HTB23119  View
600564 58610 CVE-2012-5367 MISC:http://packetstormsecurity.org/files/117925/OrangeHRM-2.7.1-rc.1-Cross-Site-Request-Forgery-SQL-Injection.html  View
600565 58610 CVE-2012-5367 BID:56417  View
600566 58610 CVE-2012-5367 URL:http://www.securityfocus.com/bid/56417  View
600567 58610 CVE-2012-5367 OSVDB:86858  View
600568 58610 CVE-2012-5367 URL:http://osvdb.org/86858  View
600569 58610 CVE-2012-5367 XF:orangehrm-index-sql-injection(79833)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
34961 JVNDB-2011-005203 Rubinius におけるサービス運用妨害 (CPU 資源の消費) の脆弱性 Rubinius は、ハッシュ衝突を想定した制限を適切に行わずにハッシュ値を算出するため、サービス運用妨害 (CPU 資源の消費) 状態となる脆弱性が存在します。 CVE-2012-5372 58610 5 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005203.html  View