FKIE_CVE-2012-0805

Vulnerability from fkie_nvd - Published: 2012-06-05 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
References
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0369.html
secalert@redhat.comhttp://secunia.com/advisories/48327Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/48328Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/48771Vendor Advisory
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2449
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:059
secalert@redhat.comhttp://www.sqlalchemy.org/changelog/CHANGES_0_7_0
secalert@redhat.comhttp://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/Exploit, Patch
secalert@redhat.comhttps://bugs.launchpad.net/keystone/+bug/918608
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/73756
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0369.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48327Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48328Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48771Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2449
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:059
af854a3a-2127-422b-91ae-364da2661108http://www.sqlalchemy.org/changelog/CHANGES_0_7_0
af854a3a-2127-422b-91ae-364da2661108http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/keystone/+bug/918608
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/73756
Impacted products
Vendor Product Version
sqlalchemy sqlalchemy *
sqlalchemy sqlalchemy 0.6.0
sqlalchemy sqlalchemy 0.6.0
sqlalchemy sqlalchemy 0.6.0
sqlalchemy sqlalchemy 0.6.0
sqlalchemy sqlalchemy 0.6.1
sqlalchemy sqlalchemy 0.6.2
sqlalchemy sqlalchemy 0.6.3
sqlalchemy sqlalchemy 0.6.4
sqlalchemy sqlalchemy 0.6.5
sqlalchemy sqlalchemy 0.6.6
sqlalchemy sqlalchemy 0.6.7
sqlalchemy sqlalchemy 0.7.0
sqlalchemy sqlalchemy 0.7.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:*:b3:*:*:*:*:*:*",
              "matchCriteriaId": "4B32A5D4-162C-4654-B6E7-E8D271E88671",
              "versionEndIncluding": "0.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94518B16-2C66-4780-AB6A-5820E5B42541",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "EAFCDB6C-3EFA-48F1-97EF-556164009DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "17B3E248-DC0A-4D88-A10D-68536680BDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "B19B128B-2964-4D95-BC12-CEB58798B197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB122B6-95A7-46EB-82B7-7E15A609912B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56A8DE1-2D45-42A7-9A20-1B439AD2C4F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F19F24F-382E-46D5-B480-BB8B9A1AC478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD66FBB8-8F2C-4CE8-9037-4957012E6130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "207C9A7C-2F48-477C-ABAE-C8B16163F1F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A2B6833-08D0-4BA6-BF53-667761708781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ECF613D-1500-4675-A696-D5E97E39D490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.7.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "A77D2681-00DE-49A1-AEF9-D0B824C5E554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.7.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "DEB7B147-FD30-45C2-8C85-AD3E59305B2B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en SQLAlchemy antes v0.7.0b4, tal y como se usa en Keystone, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de las palabras clave (1) limit (l\u00edmite) o (2) offset (desplazamiento) a la funci\u00f3n de select (selecci\u00f3n), o de vectores no especificados a las funciones (3) select.limit o (4) select.offset."
    }
  ],
  "id": "CVE-2012-0805",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-05T22:55:08.077",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0369.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48327"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48328"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48771"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2449"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:059"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.sqlalchemy.org/changelog/CHANGES_0_7_0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/keystone/+bug/918608"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0369.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.sqlalchemy.org/changelog/CHANGES_0_7_0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/keystone/+bug/918608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73756"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.