Vulnerability Description
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thomas Hunter | Neoinvoice | - |
Related Weaknesses (CWE)
References
- http://adamcaudill.com/2012/08/12/neoinvoice-blind-sql-injection-cve-2012-3477/ (Exploit)
- https://github.com/mweimerskirch/neoinvoice/commit/501a9d5d261c718913cfc13d212b0 (Patch)
- https://github.com/tlhunter/neoinvoice/issues/2
FAQ
What is CVE-2012-4673?
CVE-2012-4673 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_...
How severe is CVE-2012-4673?
CVE-2012-4673 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4673?
Check the references section above for vendor advisories and patch information. Affected products include: Thomas Hunter Neoinvoice.