NVD

Id
46795  
Name
CVE-2012-5701  
Description
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-10-20  
Modified Date
2014-10-24  
Seq
2012-5701  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
234398 46795 CVE-2012-5701 http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html  View
234399 46795 CVE-2012-5701 http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/  View
234400 46795 CVE-2012-5701 56624  View
234401 46795 CVE-2012-5701 dotproject-searchstring-sql-injection(80223)  View
234402 46795 CVE-2012-5701 https://www.htbridge.com/advisory/HTB23124  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
30603 JVNDB-2012-006311 dotProject における SQL インジェクションの脆弱性 dotProject には、SQL インジェクションの脆弱性が存在します。 CVE-2012-5701 58939 CVE-2012-5701 46795 6.8 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-006311.html 2012-11-15 2014-10-27 View