CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2012-3998

HIGH
7.5
CVSS Severity Score
EPSS Score0.0960%
EPSS Percentile4.01th
Published2012年7月12日
Last Modified2026年4月29日

Vulnerability Description

Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php.

Affected Platforms (CPE)

📦
Sayakbanerjee

Sticky Notes

<= 0.2.27052012.5
📦
Sayakbanerjee

Sticky Notes

= 0.2.27052012.4

References & Advisories

🔗 http://gitorious.org/sticky-notes/sticky-notes/commit/d97475f07520d61af3d20fbaeb2e9a974c190308
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083120.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083169.html
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=810928
🔗 http://gitorious.org/sticky-notes/sticky-notes/commit/d97475f07520d61af3d20fbaeb2e9a974c190308
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083120.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083169.html
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=810928

相關漏洞威脅

CVE-2021-479727.5

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by cr...

CVE-2021-479737.5

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting exc...

CVE-2011-26304.3

Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page t...

CVE-2012-39994.3

Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to ...