Details of VAR-201210-0426

ID

VAR-201210-0426

CVE

CVE-2012-5293

TITLE

SAPID CMS In PHP Remote file inclusion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-004738

DESCRIPTION

Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php. (1) usr/extensions/get_tree.inc.php of GLOBALS[root_path] Parameters (2) usr/extensions/get_infochannel.inc.php of root_path Parameters. SAPID CMS is a content management system. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. SAPID CMS 1.2.3 is vulnerable; other versions may also be affected

Trust: 2.61

sources: NVD: CVE-2012-5293 // JVNDB: JVNDB-2012-004738 // CNVD: CNVD-2012-0058 // BID: 51323 // IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0058

AFFECTED PRODUCTS

vendor:	redgraphic	model:	sapid cms	scope:	eq	version:	1.2.3	Trust: 1.6
vendor:	sapid	model:	cms	scope:	eq	version:	1.2.3	Trust: 0.9
vendor:	red graphic	model:	sapid cms	scope:	eq	version:	1.2.3 stable	Trust: 0.8
vendor:	sapid cms	model:	-	scope:	eq	version:	1.2.3	Trust: 0.2

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0058 // BID: 51323 // JVNDB: JVNDB-2012-004738 // CNNVD: CNNVD-201201-102 // NVD: CVE-2012-5293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5293
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-5293
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201201-102
value:	HIGH
Trust: 0.6
IVD:	ceb4643e-1f78-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2012-5293
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	ceb4643e-1f78-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-004738 // CNNVD: CNNVD-201201-102 // NVD: CVE-2012-5293

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2012-004738 // NVD: CVE-2012-5293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-102

TYPE

Code injection

Trust: 0.8

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201201-102

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004738

PATCH

title:

SAPID

url:

http://sapid.sourceforge.net/

Trust: 0.8

sources: JVNDB: JVNDB-2012-004738

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5293	Trust: 2.9
db:	BID	id:	51323	Trust: 2.5
db:	EXPLOIT-DB	id:	18342	Trust: 1.6
db:	OSVDB	id:	82475	Trust: 1.6
db:	OSVDB	id:	82476	Trust: 1.6
db:	CNVD	id:	CNVD-2012-0058	Trust: 0.8
db:	CNNVD	id:	CNNVD-201201-102	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-004738	Trust: 0.8
db:	XF	id:	72238	Trust: 0.6
db:	IVD	id:	CEB4643E-1F78-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: ceb4643e-1f78-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0058 // BID: 51323 // JVNDB: JVNDB-2012-004738 // CNNVD: CNNVD-201201-102 // NVD: CVE-2012-5293

REFERENCES

url:	http://www.securityfocus.com/bid/51323	Trust: 1.6
url:	http://www.osvdb.org/82476	Trust: 1.6
url:	http://www.osvdb.org/82475	Trust: 1.6
url:	http://www.exploit-db.com/exploits/18342	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/72238	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5293	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5293	Trust: 0.8
url:	http://www.securityfocus.com/bid/51323/	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/72238	Trust: 0.6
url:	http://sapid.sourceforge.net/	Trust: 0.3

sources: CNVD: CNVD-2012-0058 // BID: 51323 // JVNDB: JVNDB-2012-004738 // CNNVD: CNNVD-201201-102 // NVD: CVE-2012-5293

CREDITS

Opa Yong

Trust: 0.9

sources: BID: 51323 // CNNVD: CNNVD-201201-102

SOURCES

db:	IVD	id:	ceb4643e-1f78-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-0058
db:	BID	id:	51323
db:	JVNDB	id:	JVNDB-2012-004738
db:	CNNVD	id:	CNNVD-201201-102
db:	NVD	id:	CVE-2012-5293

LAST UPDATE DATE

2024-08-14T14:28:06.260000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0058	date:	2012-01-11T00:00:00
db:	BID	id:	51323	date:	2012-10-08T18:40:00
db:	JVNDB	id:	JVNDB-2012-004738	date:	2012-10-09T00:00:00
db:	CNNVD	id:	CNNVD-201201-102	date:	2012-01-11T00:00:00
db:	NVD	id:	CVE-2012-5293	date:	2017-08-29T01:32:37.447

SOURCES RELEASE DATE

db:	IVD	id:	ceb4643e-1f78-11e6-abef-000c29c66e3d	date:	2012-01-11T00:00:00
db:	CNVD	id:	CNVD-2012-0058	date:	2012-01-11T00:00:00
db:	BID	id:	51323	date:	2012-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2012-004738	date:	2012-10-09T00:00:00
db:	CNNVD	id:	CNNVD-201201-102	date:	1900-01-01T00:00:00
db:	NVD	id:	CVE-2012-5293	date:	2012-10-04T16:55:01.040