CVE-2012-5872

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1700%

EPSS Percentile12.75th

Published2023年4月26日

Last Modified2025年2月3日

Vulnerability Description

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.

Affected Platforms (CPE)

📦

Arc2 Project

Arc2

<= 2011-12-01

References & Advisories

🔗 https://www.ush.it/2012/11/22/arc-v2011-12-01-multiple-vulnerabilities/

相关漏洞威胁

CVE-2009-054410.0

Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitr...

CVE-2012-58735.3

ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.

CVE-2012-280010.0

Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0....

CVE-2012-280110.0

Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unkn...