CVE-2012-5872

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1700%

EPSS Percentile12.75th

Published2023年4月26日

Last Modified2025年2月3日

Vulnerability Description

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.

Affected Platforms (CPE)

📦

Arc2 Project

Arc2

<= 2011-12-01

References & Advisories

🔗 https://www.ush.it/2012/11/22/arc-v2011-12-01-multiple-vulnerabilities/

相關漏洞威脅

CVE-2009-054410.0

Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitr...

CVE-2012-58735.3

ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.

CVE-2012-203210.0

Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruptio...

CVE-2012-029710.0

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allo...