7.5
CVE-2012-6560
- EPSS 1.13%
- Veröffentlicht 23.05.2013 15:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.622 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.exploit-db.com/exploits/18900
http://www.securityfocus.com/bid/53617
https://exchange.xforce.ibmcloud.com/vulnerabilities/75763