CVE-2012-2956
published 2014-09-17CVE-2012-2956: SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json…
PriorityP336medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
1.10%
61.7th percentile
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spiceworks | spiceworks | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c88c-rr5r-3prm: SQL injection vulnerability in SpiceWorks 5
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2012-2956 [MEDIUM] CWE-89 GHSA-c88c-rr5r-3prm: SQL injection vulnerability in SpiceWorks 5
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS.
GHSA
GHSA-mvjr-pp8f-j699: Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5
ghsa_unreviewed·2022-05-17·CVSS 6.5
CVE-2012-6658 [MEDIUM] CWE-79 GHSA-mvjr-pp8f-j699: Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5
Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/84113http://www.exploit-db.com/exploits/20063http://www.securityfocus.com/bid/54647https://exchange.xforce.ibmcloud.com/vulnerabilities/77174http://osvdb.org/84113http://www.exploit-db.com/exploits/20063http://www.securityfocus.com/bid/54647https://exchange.xforce.ibmcloud.com/vulnerabilities/77174
2014-09-17
Published