CVE-2012-5872

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1700%

EPSS Percentile12.75th

PublishedApr 26, 2023

Last ModifiedFeb 3, 2025

Vulnerability Description

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.

Affected Platforms (CPE)

📦

Arc2 Project

Arc2

<= 2011-12-01

References & Advisories

🔗 https://www.ush.it/2012/11/22/arc-v2011-12-01-multiple-vulnerabilities/

Related Vulnerabilities

CVE-2009-054410.0

Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitr...

CVE-2012-58735.3

ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.

CVE-2012-280010.0

Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0....

CVE-2012-280110.0

Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unkn...