// For flags

CVE-2012-2751

Parodia 6.8 SQL Injection

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.

ModSecurity anterior a v2.6.6, cuando se utiliza con PHP, no maneja correctamente las comillas simples al principio de un valor de un parámetro en el campo Content-Disposition de una solicitud con un multipart/form-data Content-Type, permite control remoto atacantes para eludir las reglas de filtrado y llevar a cabo otros ataques como secuencias de comandos en sitios cruzados (XSS). NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2009-5031.

Parodia versions 6.8 and below suffer from multiple remote SQL injection vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-05-14 CVE Reserved
  • 2012-06-25 CVE Published
  • 2024-06-17 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Trustwave
Search vendor "Trustwave"
Modsecurity
Search vendor "Trustwave" for product "Modsecurity"
< 2.6.6
Search vendor "Trustwave" for product "Modsecurity" and version " < 2.6.6"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
11.4
Search vendor "Opensuse" for product "Opensuse" and version "11.4"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
12.2
Search vendor "Opensuse" for product "Opensuse" and version "12.2"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
12.3
Search vendor "Opensuse" for product "Opensuse" and version "12.3"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
6.0
Search vendor "Debian" for product "Debian Linux" and version "6.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Oracle
Search vendor "Oracle"
Http Server
Search vendor "Oracle" for product "Http Server"
11.1.1.6.0
Search vendor "Oracle" for product "Http Server" and version "11.1.1.6.0"
-
Affected