Vulnerabilities > CVE-2012-1002 - Unspecified vulnerability in Zakongroup Openconf

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
zakongroup
exploit available
NVD
Published: 2012-02-08
Updated: 2024-11-21

Summary

SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Vulnerable Configurations

Part Description Count
Application
Zakongroup
5

D2sec

nameOpenConf SQL Injection
urlhttp://www.d2sec.com/exploits/openconf_sql_injection.html

Exploit-Db

descriptionOpenConf <= 4.11 (author/edit.php) Remote Blind SQL Injection Exploit. CVE-2012-1002. Webapps exploit for php platform
fileexploits/php/webapps/18820.php
idEDB-ID:18820
last seen2016-02-02
modified2012-05-02
platformphp
port
published2012-05-02
reporterEgiX
sourcehttps://www.exploit-db.com/download/18820/
titleOpenConf <= 4.11 author/edit.php Remote Blind SQL Injection Exploit
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/112402/openconf-sql.txt
idPACKETSTORM:112402
last seen2016-12-05
published2012-05-02
reporterEgiX
sourcehttps://packetstormsecurity.com/files/112402/OpenConf-4.11-Blind-SQL-Injection.html
titleOpenConf 4.11 Blind SQL Injection

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:72849
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-72849
titleOpenConf <= 4.11 (author/edit.php) Remote Blind SQL Injection Exploit

References