Vulnerability Description
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sqlalchemy | Sqlalchemy | <= 0.7.0 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2012-0369.html
- http://secunia.com/advisories/48327Vendor Advisory
- http://secunia.com/advisories/48328Vendor Advisory
- http://secunia.com/advisories/48771Vendor Advisory
- http://www.debian.org/security/2012/dsa-2449
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:059
- http://www.sqlalchemy.org/changelog/CHANGES_0_7_0
- http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/ExploitPatch
- https://bugs.launchpad.net/keystone/+bug/918608
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73756
- http://rhn.redhat.com/errata/RHSA-2012-0369.html
- http://secunia.com/advisories/48327Vendor Advisory
- http://secunia.com/advisories/48328Vendor Advisory
- http://secunia.com/advisories/48771Vendor Advisory
- http://www.debian.org/security/2012/dsa-2449
FAQ
What is CVE-2012-0805?
CVE-2012-0805 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select...
How severe is CVE-2012-0805?
CVE-2012-0805 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0805?
Check the references section above for vendor advisories and patch information. Affected products include: Sqlalchemy Sqlalchemy.