CVE-2012-4927
Published: 2012-09-15
Priority: P3 48, high, CVSS 2.0: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.24% (80.7th percentile)
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| limesurvey | limesurvey | <= 1.90\+ | — |
| limesurvey | limesurvey | — | — |
| limesurvey | limesurvey | — | — |
| limesurvey | limesurvey | — | — |
| limesurvey | limesurvey | — | — |
| limesurvey | limesurvey | — | — |
| limesurvey | limesurvey | — | — |
| limesurvey | limesurvey | — | — |
| limesurvey | limesurvey | — | — |
| limesurvey | limesurvey | — | — |
No detection rules found.
Exploit-DB
ACME micro_httpd - Denial of Service
exploitdb·2014-07-18·CVSS 7.8
CVE-2014-4927 [HIGH] ACME micro_httpd - Denial of Service
---
"""
# Exploit Title: Buffer Overflow in micro_httpd by ACME
# Date: 4/7/2014
# Exploit Author: Yuval tisf Nativ
# Vendor Homepage: http://www.acme.com/software/micro_httpd/
# Software Link: http://www.acme.com/software/micro_httpd/
# Version: June 2012
# CVE: CVE-2014-4927
# Tested on: D-Link: (DSL2750U, DSL2740U), NetGear: (WGR614, MR-ADSL-DG834)
Buffer Overflow in micro_httpd
Argument for GET method is vulnerable to a buffer overflow.
Analyzed on:
D-Link: DSL2750U, DSL2740U,
NetGear: WGR614, MR-ADSL-DG834
ACME Labs offer no version tracking on server versions so version might not
be accurate.
Disassembly in MIPS of vulnerable flow:
sub_4067CC:
LOAD:004067CC
LOAD:004067CC lui $gp, 0x47
LOAD:004067D0 addiu $sp, -0xA0
LOAD:004067D4 li $gp, 0x4
Exploit-DB
LimeSurvey (PHPSurveyor 1.91+ stable) - Blind SQL Injection
exploitdb·2012-02-22
CVE-2012-4927 LimeSurvey (PHPSurveyor 1.91+ stable) - Blind SQL Injection
---
# Exploit Title: LimeSurvey Blind SQL injection
# Date: 20/02/2012
# Author: TorTukiTu - OpenSphere
# Version: 1.91+ build 11804
# Tested on: php
# TorTukiTu - Killing Tortoise
# ,-"""-.
# oo._/ \___/ \
# (____)_/___\__\_)
# /_// \\_\
#
# Cookie hacking + Blind SQL Injection
# The vulnerability occurs when a user answers a survey (index.php).
# The session variables can be freely hacked using the following lines in save.php l.82 :
# if (isset($_POST[$pf])) {$_SESSION[$pf] = $_POST[$pf];}
# if (!isset($_POST[$pf])) {$_SESSION[$pf] = "";}
# $pf is user input in the POST variable
# Once split, the SQL request is built directly from those session variables by function createinse
No writeups or analysis indexed.
http://freecode.com/projects/limesurvey/releases/342070
http://osvdb.org/79459
http://packetstormsecurity.org/files/110100/limesurvey-sql.txt
http://secunia.com/advisories/48051
http://www.exploit-db.com/exploits/18508
http://www.limesurvey.org/en/stable-release
http://www.securityfocus.com/bid/52114
https://exchange.xforce.ibmcloud.com/vulnerabilities/73395