Security Advisory

CVE-2012-1665

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-05-20 18:00:00
Last updated 2024-08-06 19:01:02
Assigner mitre
State PUBLISHED

Description

Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php, or remote administrators to execute arbitrary SQL commands via (2) the status parameter to admin/stats_monthly_sales.php or (3) the country parameter in a process action to admin/create_account_process.php.