CVE-2012-4951

Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:verifone:vericentre_web_console:*:*:*:*:*:*:*:*
cpe:2.3:a:verifone:vericentre_web_console:2.0:*:*:*:*:*:*:*
cpe:2.3:a:verifone:vericentre_web_console:2.0.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-11-15 11:58

Updated : 2024-02-04 18:16


NVD link : CVE-2012-4951

Mitre link : CVE-2012-4951

CVE.ORG link : CVE-2012-4951


JSON object : View

Products Affected

verifone

  • vericentre_web_console
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')