CVE-2012-3554 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Vendor	Product	Version
rsgallery2	com_rsgallery2	𝑥 ≤ 2.2.1
rsgallery2	com_rsgallery2	1.9.0-4:alpha
rsgallery2	com_rsgallery2	1.9.4:alpha
rsgallery2	com_rsgallery2	1.9.5:alpha
rsgallery2	com_rsgallery2	1.10.1:alpha
rsgallery2	com_rsgallery2	1.10.2:alpha
rsgallery2	com_rsgallery2	1.10.5:alpha
rsgallery2	com_rsgallery2	1.10.6:alpha
rsgallery2	com_rsgallery2	1.10.7:alpha
rsgallery2	com_rsgallery2	1.10.8:alpha
rsgallery2	com_rsgallery2	1.10.9:alpha
rsgallery2	com_rsgallery2	1.10.10:alpha
rsgallery2	com_rsgallery2	1.10.11:alpha
rsgallery2	com_rsgallery2	1.10.13:alpha
rsgallery2	com_rsgallery2	1.10.14:alpha
rsgallery2	com_rsgallery2	1.11.0:alpha
rsgallery2	com_rsgallery2	1.11.1:alpha
rsgallery2	com_rsgallery2	1.11.2:alpha
rsgallery2	com_rsgallery2	1.11.3:alpha
rsgallery2	com_rsgallery2	1.11.4:alpha
rsgallery2	com_rsgallery2	1.11.5:alpha
rsgallery2	com_rsgallery2	1.11.6:alpha
rsgallery2	com_rsgallery2	1.11.7:alpha
rsgallery2	com_rsgallery2	1.11.8:alpha
rsgallery2	com_rsgallery2	1.11.10:alpha
rsgallery2	com_rsgallery2	1.11.11:alpha
rsgallery2	com_rsgallery2	1.12.0:alpha
rsgallery2	com_rsgallery2	1.12.1:alpha
rsgallery2	com_rsgallery2	1.12.2:alpha
rsgallery2	com_rsgallery2	1.13.0:alpha
rsgallery2	com_rsgallery2	1.13.1:alpha
rsgallery2	com_rsgallery2	1.14.0:alpha
rsgallery2	com_rsgallery2	1.14.1:alpha
rsgallery2	com_rsgallery2	2.1.0:beta
rsgallery2	com_rsgallery2	2.1.1
rsgallery2	com_rsgallery2	2.2.0
rsgallery2	com_rsgallery2	𝑥 ≤ 3.1.0
rsgallery2	com_rsgallery2	1.9.0-4:alpha
rsgallery2	com_rsgallery2	1.9.4:alpha
rsgallery2	com_rsgallery2	1.9.5:alpha
rsgallery2	com_rsgallery2	1.10.1:alpha
rsgallery2	com_rsgallery2	1.10.2:alpha
rsgallery2	com_rsgallery2	1.10.5:alpha
rsgallery2	com_rsgallery2	1.10.6:alpha
rsgallery2	com_rsgallery2	1.10.7:alpha
rsgallery2	com_rsgallery2	1.10.8:alpha
rsgallery2	com_rsgallery2	1.10.9:alpha
rsgallery2	com_rsgallery2	1.10.10:alpha
rsgallery2	com_rsgallery2	1.10.11:alpha
rsgallery2	com_rsgallery2	1.10.13:alpha
rsgallery2	com_rsgallery2	1.10.14:alpha
rsgallery2	com_rsgallery2	1.11.0:alpha
rsgallery2	com_rsgallery2	1.11.1:alpha
rsgallery2	com_rsgallery2	1.11.2:alpha
rsgallery2	com_rsgallery2	1.11.3:alpha
rsgallery2	com_rsgallery2	1.11.4:alpha
rsgallery2	com_rsgallery2	1.11.5:alpha
rsgallery2	com_rsgallery2	1.11.6:alpha
rsgallery2	com_rsgallery2	1.11.7:alpha
rsgallery2	com_rsgallery2	1.11.8:alpha
rsgallery2	com_rsgallery2	1.11.10:alpha
rsgallery2	com_rsgallery2	1.11.11:alpha
rsgallery2	com_rsgallery2	1.12.0:alpha
rsgallery2	com_rsgallery2	1.12.1:alpha
rsgallery2	com_rsgallery2	1.12.2:alpha
rsgallery2	com_rsgallery2	1.13.0:alpha
rsgallery2	com_rsgallery2	1.13.1:alpha
rsgallery2	com_rsgallery2	1.14.0:alpha
rsgallery2	com_rsgallery2	1.14.1:alpha
rsgallery2	com_rsgallery2	2.1.0:beta
rsgallery2	com_rsgallery2	2.1.1
rsgallery2	com_rsgallery2	2.2.0
rsgallery2	com_rsgallery2	2.2.1
rsgallery2	com_rsgallery2	2.3.0
rsgallery2	com_rsgallery2	3.0:rc1
rsgallery2	com_rsgallery2	3.0.1
rsgallery2	com_rsgallery2	3.2.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142

http://joomlacode.org/gf/project/rsgallery2/news/

http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html

http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142

http://joomlacode.org/gf/project/rsgallery2/news/

http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html