VAR-201210-0426
Vulnerability from variot - Updated: 2023-12-18 12:09Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php. (1) usr/extensions/get_tree.inc.php of GLOBALS[root_path] Parameters (2) usr/extensions/get_infochannel.inc.php of root_path Parameters. SAPID CMS is a content management system. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. SAPID CMS 1.2.3 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201210-0426",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sapid cms",
"scope": "eq",
"trust": 1.6,
"vendor": "redgraphic",
"version": "1.2.3"
},
{
"model": "cms",
"scope": "eq",
"trust": 0.9,
"vendor": "sapid",
"version": "1.2.3"
},
{
"model": "sapid cms",
"scope": "eq",
"trust": 0.8,
"vendor": "red graphic",
"version": "1.2.3 stable"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sapid cms",
"version": "1.2.3"
}
],
"sources": [
{
"db": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0058"
},
{
"db": "BID",
"id": "51323"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004738"
},
{
"db": "NVD",
"id": "CVE-2012-5293"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redgraphic:sapid_cms:1.2.3:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5293"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opa Yong",
"sources": [
{
"db": "BID",
"id": "51323"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
],
"trust": 0.9
},
"cve": "CVE-2012-5293",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-5293",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-5293",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-102",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004738"
},
{
"db": "NVD",
"id": "CVE-2012-5293"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php. (1) usr/extensions/get_tree.inc.php of GLOBALS[root_path] Parameters (2) usr/extensions/get_infochannel.inc.php of root_path Parameters. SAPID CMS is a content management system. \nAn attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. \nSAPID CMS 1.2.3 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5293"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004738"
},
{
"db": "CNVD",
"id": "CNVD-2012-0058"
},
{
"db": "BID",
"id": "51323"
},
{
"db": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5293",
"trust": 2.9
},
{
"db": "BID",
"id": "51323",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "82476",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "82475",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "18342",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2012-0058",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201201-102",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004738",
"trust": 0.8
},
{
"db": "XF",
"id": "72238",
"trust": 0.6
},
{
"db": "IVD",
"id": "CEB4643E-1F78-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0058"
},
{
"db": "BID",
"id": "51323"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004738"
},
{
"db": "NVD",
"id": "CVE-2012-5293"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
]
},
"id": "VAR-201210-0426",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0058"
}
],
"trust": 1.09166666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0058"
}
]
},
"last_update_date": "2023-12-18T12:09:37.845000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAPID",
"trust": 0.8,
"url": "http://sapid.sourceforge.net/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004738"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004738"
},
{
"db": "NVD",
"id": "CVE-2012-5293"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/18342"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/82475"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/82476"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/51323"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72238"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5293"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5293"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/51323/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/72238"
},
{
"trust": 0.3,
"url": "http://sapid.sourceforge.net/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0058"
},
{
"db": "BID",
"id": "51323"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004738"
},
{
"db": "NVD",
"id": "CVE-2012-5293"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0058"
},
{
"db": "BID",
"id": "51323"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004738"
},
{
"db": "NVD",
"id": "CVE-2012-5293"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-11T00:00:00",
"db": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d"
},
{
"date": "2012-01-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0058"
},
{
"date": "2012-01-09T00:00:00",
"db": "BID",
"id": "51323"
},
{
"date": "2012-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004738"
},
{
"date": "2012-10-04T16:55:01.040000",
"db": "NVD",
"id": "CVE-2012-5293"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0058"
},
{
"date": "2012-10-08T18:40:00",
"db": "BID",
"id": "51323"
},
{
"date": "2012-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004738"
},
{
"date": "2017-08-29T01:32:37.447000",
"db": "NVD",
"id": "CVE-2012-5293"
},
{
"date": "2012-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAPID CMS In PHP Remote file inclusion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004738"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "ceb4643e-1f78-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-102"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…