Skip to main content

Advantech Webaccess CVE-2012-1234

MEDIUM
SQL Injection (CWE-89)
2012-02-21 cve@mitre.org
6.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Feb 21, 2012 - 13:31 cve.org
MEDIUM 6.5

DescriptionCVE.org

SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.

AnalysisAI

SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. Affected products include: Advantech Advantech Webaccess.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2014-0763 HIGH POC
7.5 Apr 12

An attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity

CVE-2014-2364 HIGH POC
7.5 Jul 19

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code

CVE-2012-0242 CRITICAL POC
10.0 Feb 21

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code

CVE-2012-0241 MEDIUM POC
5.0 Feb 21

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a m

CVE-2012-0243 CRITICAL
10.0 Feb 21

Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers

CVE-2012-0238 CRITICAL
10.0 Feb 21

Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute

CVE-2012-0240 CRITICAL
10.0 Feb 21

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remo

CVE-2014-2366 CRITICAL
9.0 Jul 19

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTM

CVE-2014-0768 HIGH
7.5 Apr 12

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buff

CVE-2014-0767 HIGH
7.5 Apr 12

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control.

CVE-2014-0766 HIGH
7.5 Apr 12

An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer o

CVE-2014-0765 HIGH
7.5 Apr 12

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7

Share

CVE-2012-1234 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy