FKIE_CVE-2012-5244

Vulnerability from fkie_nvd - Published: 2014-10-20 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
References
cve@mitre.orghttp://osvdb.org/88535
cve@mitre.orghttp://osvdb.org/88536
cve@mitre.orghttp://osvdb.org/88537
cve@mitre.orghttp://osvdb.org/88538
cve@mitre.orghttp://www.exploit-db.com/exploits/23573/Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/80746
cve@mitre.orghttps://www.htbridge.com/advisory/HTB23118Exploit
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/88535
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/88536
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/88537
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/88538
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/23573/Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80746
af854a3a-2127-422b-91ae-364da2661108https://www.htbridge.com/advisory/HTB23118Exploit
Impacted products
Vendor Product Version
bananadance banana_dance *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bananadance:banana_dance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64F9313-3CD8-4258-8C67-A659BF1275FA",
              "versionEndIncluding": "b.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Banana Dance B.2.6 y anteriores permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro (1) return, (2) display, (3) table, o (4) search en functions/suggest.php; (5) del par\u00e1metro id en functions/widgets.php, (6) del par\u00e1metro category en functions/print.php; o (7) del par\u00e1metro name en functions/ajax.php."
    }
  ],
  "id": "CVE-2012-5244",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-20T14:55:03.730",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/88535"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/88536"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/88537"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/88538"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/23573/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80746"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/88535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/88536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/88537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/88538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/23573/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23118"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.