CVE-2012-5900 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samedia	Landshop

Configuration 1 [-]

cpe:2.3:a:samedia:landshop:0.9.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/80796
http://osvdb.org/80797
http://osvdb.org/80798
http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html
http://secunia.com/advisories/48661
http://vulnerability-lab.com/get_content.php?id=485
http://www.exploit-db.com/exploits/18687

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-11-17T21:00:00Z

Updated: 2024-09-16T17:33:19.508Z

Reserved: 2012-11-17T00:00:00Z

Link: CVE-2012-5900

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-11-17T21:55:04.860

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-5900

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-11-17T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "80798", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/80798"}, {"name": "48661", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48661"}, {"tags": ["x_refsource_MISC"], "url": "http://vulnerability-lab.com/get_content.php?id=485"}, {"name": "80796", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/80796"}, {"name": "80797", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/80797"}, {"name": "18687", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/18687"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5900", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "80798", "refsource": "OSVDB", "url": "http://osvdb.org/80798"}, {"name": "48661", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48661"}, {"name": "http://vulnerability-lab.com/get_content.php?id=485", "refsource": "MISC", "url": "http://vulnerability-lab.com/get_content.php?id=485"}, {"name": "80796", "refsource": "OSVDB", "url": "http://osvdb.org/80796"}, {"name": "80797", "refsource": "OSVDB", "url": "http://osvdb.org/80797"}, {"name": "18687", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18687"}, {"name": "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:21:28.239Z"}, "title": "CVE Program Container", "references": [{"name": "80798", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/80798"}, {"name": "48661", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48661"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://vulnerability-lab.com/get_content.php?id=485"}, {"name": "80796", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/80796"}, {"name": "80797", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/80797"}, {"name": "18687", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/18687"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5900", "datePublished": "2012-11-17T21:00:00Z", "dateReserved": "2012-11-17T00:00:00Z", "dateUpdated": "2024-09-16T17:33:19.508Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samedia:landshop:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "61E48407-DC48-447D-9E36-D1199FBFF21D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Samedia Country Store v0.9.2 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de los par\u00e1metros (1) OB_ID en una acci\u00f3n \"single\" para admin/action/objects.php, (2) el par\u00e1metro AREA_ID en una acci\u00f3n 'single' en admin/acci\u00f3n/areas.php, o (3) el par\u00e1metro 'start' en una acci\u00f3n 'show' en admin/acci\u00f3n/pdf.php.\r\n"}], "id": "CVE-2012-5900", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-17T21:55:04.860", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://osvdb.org/80796"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/80797"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/80798"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48661"}, {"source": "cve@mitre.org", "url": "http://vulnerability-lab.com/get_content.php?id=485"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://osvdb.org/80796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/80797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/80798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://vulnerability-lab.com/get_content.php?id=485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18687"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}