CyberSec.Space Logo
Back to CVE Browser

CVE-2012-3998

HIGH
7.5
CVSS Severity Score
EPSS Score0.0960%
EPSS Percentile4.01th
PublishedJul 12, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php.

Affected Platforms (CPE)

πŸ“¦
Sayakbanerjee

Sticky Notes

<= 0.2.27052012.5
πŸ“¦
Sayakbanerjee

Sticky Notes

= 0.2.27052012.4

References & Advisories

πŸ”— http://gitorious.org/sticky-notes/sticky-notes/commit/d97475f07520d61af3d20fbaeb2e9a974c190308
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083120.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083169.html
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=810928
πŸ”— http://gitorious.org/sticky-notes/sticky-notes/commit/d97475f07520d61af3d20fbaeb2e9a974c190308
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083120.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083169.html
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=810928

Related Vulnerabilities

CVE-2021-479727.5

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by cr...

CVE-2021-479737.5

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting exc...

CVE-2011-26304.3

Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page t...

CVE-2012-39994.3

Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to ...