Vulnerability Details CVE-2012-5244
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 86.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/88535
- http://osvdb.org/88536
- http://osvdb.org/88537
- http://osvdb.org/88538
- http://www.exploit-db.com/exploits/23573/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80746
- https://www.htbridge.com/advisory/HTB23118
- http://osvdb.org/88535
- http://osvdb.org/88536
- http://osvdb.org/88537
- http://osvdb.org/88538
- http://www.exploit-db.com/exploits/23573/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80746
- https://www.htbridge.com/advisory/HTB23118
Products affected by CVE-2012-5244
-
cpe:2.3:a:bananadance:banana_dance:0.9
-
cpe:2.3:a:bananadance:banana_dance:1.5