Description

Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php.

Remediation

References

CVE-2012-5162

Related Vulnerabilities

Oracle JRE CVE-2020-2593 Vulnerability (CVE-2020-2593)

WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)

WordPress Plugin About Author Box Cross-Site Scripting (1.0.1)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7987)

Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0483)

Severity

Medium

Classification

CVE-2012-5162 CWE-138

Tags

Missing Update Known Vulnerabilities