cbcvebase.
CVE-2012-10047
published 2025-08-08

Priority: P2 · 69 · Severity: critical · CVSS 4.0 base score: 10.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
(All base metrics are at their maximum, which is what yields the 10.0; the threat metric E is left as X, not defined, even though an exploit is listed below, so this is the unadjusted base score.)
Exploit: available
EPSS: 0.86% (54.1th percentile)
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.

Affected (1 range)

Vendor          Product                                   Version range   Fixed in
cyclope-series  cyclope_employee_surveillance_solution    6.x             (not listed)

Detection & IOCs (extracted from sources)

URL: /auth-login (POST, username parameter)
  • Monitor POST requests to the /auth-login endpoint of Cyclope ESS for SQL metacharacters or injection patterns in the username parameter.
  • Alert on creation of new PHP files in the Cyclope ESS web root, as exploitation can result in a malicious PHP webshell being written to disk.
  • Investigate any processes spawned under the SYSTEM context originating from the Cyclope ESS web service, as successful exploitation results in code execution as SYSTEM.
  • The vulnerability is confirmed to affect Cyclope Employee Surveillance Solution version 6.x only; other versions are not referenced as affected.
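The first two detection bullets above, implemented as an added example (this is not code from the CVE source, from the Cyclope vendor, or from any published detection rule). It assumes a proxy or WAF log that records the POST body, since a plain web-server access log does not carry the username parameter; the one-line log format, the sample lines, the metacharacter and keyword lists, and the web-root file listings are all constructed for this example.

```python
"""Detection helpers for CVE-2012-10047 style activity: SQL metacharacters in
the username field of POST /auth-login, and new PHP files in the web root.

Added example. Assumptions (not from the CVE source):
- Constructed log format, one request per line: "<ts> <method> <path> <form-body>".
  The body must be captured by the proxy/WAF; plain access logs omit it.
- The caller supplies a baseline listing of the web root and a current one.
"""
import re
from urllib.parse import parse_qs

# Characters that have no business in a login name (assumed list).
SQL_META = re.compile(r"""['";#]|--|/\*|\*/""")
# SQL keywords that, combined with a metacharacter, indicate an injection attempt.
SQL_KEYWORDS = re.compile(
    r"\b(union|select|insert|update|delete|drop|sleep|benchmark|"
    r"load_file|outfile|dumpfile|or|and)\b",
    re.IGNORECASE,
)

# Constructed sample traffic, not real captures.
SAMPLE_LOG = [
    "2025-08-08T10:00:01Z POST /auth-login username=jsmith&password=Summer2025",
    "2025-08-08T10:00:07Z POST /auth-login username=o%27brien&password=x",
    "2025-08-08T10:00:09Z POST /auth-login username=admin%27+or+%271%27%3D%271&password=x",
    "2025-08-08T10:00:12Z GET /auth-login",
    "2025-08-08T10:00:15Z POST /other username=%27+union+select+1--&password=x",
]


def parse_line(line):
    """Split the constructed log format into (ts, method, path, body)."""
    parts = line.split(" ", 3)
    if len(parts) < 3:
        return None
    ts, method, path = parts[:3]
    body = parts[3] if len(parts) == 4 else ""
    return ts, method, path, body


def score_username(value):
    """0 = clean, 1 = metacharacter only (e.g. O'Brien, review manually),
    2 = metacharacter plus a SQL keyword (treat as an injection attempt)."""
    if not SQL_META.search(value):
        return 0
    return 2 if SQL_KEYWORDS.search(value) else 1


def scan_auth_login(lines):
    """Return (ts, username, severity) for POST /auth-login requests whose
    username parameter carries SQL metacharacters. Other paths and methods
    are ignored, matching the IOC above."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, method, path, body = rec
        if method != "POST" or path.split("?", 1)[0] != "/auth-login":
            continue
        # parse_qs percent-decodes, so the regexes see the real characters.
        for username in parse_qs(body, keep_blank_values=True).get("username", []):
            sev = score_username(username)
            if sev:
                hits.append((ts, username, sev))
    return hits


def new_php_files(baseline, current):
    """Files present in the current web-root listing but not in the baseline
    snapshot, restricted to .php, i.e. the webshell drop the advisory describes."""
    return sorted(p for p in set(current) - set(baseline) if p.lower().endswith(".php"))


if __name__ == "__main__":
    for ts, user, sev in scan_auth_login(SAMPLE_LOG):
        print(f"{ts} severity={sev} username={user!r}")
    print(new_php_files(["index.php", "style.css"],
                        ["index.php", "style.css", "cmd.php", "notes.txt"]))
```

Severity 1 hits are deliberately kept separate from severity 2: an apostrophe in a real surname will trip the metacharacter check, so a bare metacharacter is a review item rather than an alert, while a metacharacter next to a SQL keyword is the pattern to page on. The file-listing check is a point-in-time diff; on the host itself the same signal is better taken from file-creation auditing on the web root, with a process-ancestry check under the third bullet above.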