Vulnerability Note VU#180091
VeriCentre web application SQL injection vulnerability
The VeriCentre web application contains a SQL injection vulnerability.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The VeriCentre web application contains a SQL injection vulnerability within the TerminalId, ModelName, and ApplicationName parameters.
A remote authenticated attacker may be able to issue commands against the database.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|verifone||Affected||24 Sep 2012||01 Nov 2012|
CVSS Metrics (Learn More)
Thanks to Cory Eubanks, Clear Skies Security LLC, for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-4951
- Date Public: 06 Nov 2012
- Date First Published: 06 Nov 2012
- Date Last Updated: 06 Nov 2012
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.