ID

VAR-201210-0426


CVE

CVE-2012-5293


TITLE

PHP remote file inclusion vulnerability in SAPID CMS

Trust: 0.8

sources: JVNDB: JVNDB-2012-004738

DESCRIPTION

Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php. SAPID CMS is a content management system. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. SAPID CMS 1.2.3 is vulnerable; other versions may also be affected.

Trust: 2.61

sources: NVD: CVE-2012-5293 // JVNDB: JVNDB-2012-004738 // CNVD: CNVD-2012-0058 // BID: 51323 // IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0058

AFFECTED PRODUCTS

vendor: redgraphic, model: sapid cms, scope: eq, version: 1.2.3

Trust: 1.6

vendor: sapid, model: cms, scope: eq, version: 1.2.3

Trust: 0.9

vendor: red graphic, model: sapid cms, scope: eq, version: 1.2.3 stable

Trust: 0.8

vendor: sapid cms, model: -, scope: eq, version: 1.2.3

Trust: 0.2

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0058 // BID: 51323 // JVNDB: JVNDB-2012-004738 // CNNVD: CNNVD-201201-102 // NVD: CVE-2012-5293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5293
value: HIGH

Trust: 1.0

NVD: CVE-2012-5293
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201201-102
value: HIGH

Trust: 0.6

IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2012-5293
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-004738 // CNNVD: CNNVD-201201-102 // NVD: CVE-2012-5293

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2012-004738 // NVD: CVE-2012-5293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-102

TYPE

Code injection

Trust: 0.8

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201201-102

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004738

PATCH

title: SAPID, url: http://sapid.sourceforge.net/

Trust: 0.8

sources: JVNDB: JVNDB-2012-004738

EXTERNAL IDS

db: NVD, id: CVE-2012-5293

Trust: 2.9

db: BID, id: 51323

Trust: 2.5

db: EXPLOIT-DB, id: 18342

Trust: 1.6

db: OSVDB, id: 82475

Trust: 1.6

db: OSVDB, id: 82476

Trust: 1.6

db: CNVD, id: CNVD-2012-0058

Trust: 0.8

db: CNNVD, id: CNNVD-201201-102

Trust: 0.8

db: JVNDB, id: JVNDB-2012-004738

Trust: 0.8

db: XF, id: 72238

Trust: 0.6

db: IVD, id: CEB4643E-1F78-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0058 // BID: 51323 // JVNDB: JVNDB-2012-004738 // CNNVD: CNNVD-201201-102 // NVD: CVE-2012-5293

REFERENCES

url:http://www.securityfocus.com/bid/51323

Trust: 1.6

url:http://www.osvdb.org/82476

Trust: 1.6

url:http://www.osvdb.org/82475

Trust: 1.6

url:http://www.exploit-db.com/exploits/18342

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/72238

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5293

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5293

Trust: 0.8

url:http://www.securityfocus.com/bid/51323/

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/72238

Trust: 0.6

url:http://sapid.sourceforge.net/

Trust: 0.3

sources: CNVD: CNVD-2012-0058 // BID: 51323 // JVNDB: JVNDB-2012-004738 // CNNVD: CNNVD-201201-102 // NVD: CVE-2012-5293

CREDITS

Opa Yong

Trust: 0.9

sources: BID: 51323 // CNNVD: CNNVD-201201-102

SOURCES

db: IVD, id: ceb4643e-1f78-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-0058
db: BID, id: 51323
db: JVNDB, id: JVNDB-2012-004738
db: CNNVD, id: CNNVD-201201-102
db: NVD, id: CVE-2012-5293

LAST UPDATE DATE

2024-08-14T14:28:06.260000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-0058, date: 2012-01-11T00:00:00
db: BID, id: 51323, date: 2012-10-08T18:40:00
db: JVNDB, id: JVNDB-2012-004738, date: 2012-10-09T00:00:00
db: CNNVD, id: CNNVD-201201-102, date: 2012-01-11T00:00:00
db: NVD, id: CVE-2012-5293, date: 2017-08-29T01:32:37.447

SOURCES RELEASE DATE

db: IVD, id: ceb4643e-1f78-11e6-abef-000c29c66e3d, date: 2012-01-11T00:00:00
db: CNVD, id: CNVD-2012-0058, date: 2012-01-11T00:00:00
db: BID, id: 51323, date: 2012-01-09T00:00:00
db: JVNDB, id: JVNDB-2012-004738, date: 2012-10-09T00:00:00
db: CNNVD, id: CNNVD-201201-102, date: 1900-01-01T00:00:00
db: NVD, id: CVE-2012-5293, date: 2012-10-04T16:55:01.040