CVE-2012-4927

EUVD-2012-4852
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
limesurveylimesurvey
𝑥
≤ 1.90\+
limesurveylimesurvey
1.5.2
limesurveylimesurvey
1.49
limesurveylimesurvey
1.49:rc2
limesurveylimesurvey
1.49_rc2:_rc2
limesurveylimesurvey
1.52
limesurveylimesurvey
1.70
limesurveylimesurvey
1.80
limesurveylimesurvey
1.80:rc4
limesurveylimesurvey
1.80\+
limesurveylimesurvey
1.81
limesurveylimesurvey
1.81\+
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://freecode.com/projects/limesurvey/releases/342070
http://osvdb.org/79459
http://packetstormsecurity.org/files/110100/limesurvey-sql.txt
http://secunia.com/advisories/48051
http://www.exploit-db.com/exploits/18508
http://www.limesurvey.org/en/stable-release
http://www.securityfocus.com/bid/52114
https://exchange.xforce.ibmcloud.com/vulnerabilities/73395
http://freecode.com/projects/limesurvey/releases/342070
http://osvdb.org/79459
http://packetstormsecurity.org/files/110100/limesurvey-sql.txt
http://secunia.com/advisories/48051
http://www.exploit-db.com/exploits/18508
http://www.limesurvey.org/en/stable-release
http://www.securityfocus.com/bid/52114
https://exchange.xforce.ibmcloud.com/vulnerabilities/73395