CVE Reference: CVE-2012-0973

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-0973

Description:
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function in oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA47697

MISC

CONFIRM
  http://osclass.org/2012/01/16/osclass-2-3-5/

BUGTRAQ
  http://archives.neohapsis.com/archives/bugtraq/2012-01/0157.html

BID
  51662

