Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by batavi
CVE-2011-0525 (GCVE-0-2011-0525)
Vulnerability from cvelistv5 – Published: 2020-02-05 20:18 – Updated: 2024-08-06 21:58
VLAI
EPSS
VEX
Summary
Batavi before 1.0 has CSRF.
Severity
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/cve/CVE-2011-0525 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2011-0525"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/27/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Batavi",
"vendor": "Batavi",
"versions": [
{
"status": "affected",
"version": "before 1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Batavi before 1.0 has CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T20:18:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2011-0525"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/27/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Batavi",
"version": {
"version_data": [
{
"version_value": "before 1.0"
}
]
}
}
]
},
"vendor_name": "Batavi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Batavi before 1.0 has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2011-0525",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2011-0525"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/01/27/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/01/27/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0525",
"datePublished": "2020-02-05T20:18:18.000Z",
"dateReserved": "2011-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:58:25.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2289 (GCVE-0-2013-2289)
Vulnerability from cvelistv5 – Published: 2014-03-11 15:00 – Updated: 2024-08-06 15:36
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.dognaedis.com/vulns/DGS-SEC-18.html | x_refsource_MISC |
| http://secunia.com/advisories/52464 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2013-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:44.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-18.html"
},
{
"name": "52464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52464"
},
{
"name": "batavi-index-xss(82583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-18.html"
},
{
"name": "52464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52464"
},
{
"name": "batavi-index-xss(82583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dognaedis.com/vulns/DGS-SEC-18.html",
"refsource": "MISC",
"url": "https://www.dognaedis.com/vulns/DGS-SEC-18.html"
},
{
"name": "52464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52464"
},
{
"name": "batavi-index-xss(82583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2289",
"datePublished": "2014-03-11T15:00:00.000Z",
"dateReserved": "2013-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:36:44.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0069 (GCVE-0-2012-0069)
Vulnerability from cvelistv5 – Published: 2012-01-24 18:00 – Updated: 2024-08-06 18:16
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/78362 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/51547 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.openwall.com/lists/oss-security/2012/01/20/6 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/01/18/9 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/47582 | third-party-advisoryx_refsource_SECUNIA |
| http://voxel.dl.sourceforge.net/project/batavi/RE… | x_refsource_CONFIRM |
Date Public
2012-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:18.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78362",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78362"
},
{
"name": "51547",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51547"
},
{
"name": "batavi-ajax-sql-injection(72449)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72449"
},
{
"name": "[oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/6"
},
{
"name": "[oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/18/9"
},
{
"name": "47582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://voxel.dl.sourceforge.net/project/batavi/README.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "78362",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78362"
},
{
"name": "51547",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51547"
},
{
"name": "batavi-ajax-sql-injection(72449)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72449"
},
{
"name": "[oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/6"
},
{
"name": "[oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/18/9"
},
{
"name": "47582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://voxel.dl.sourceforge.net/project/batavi/README.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78362",
"refsource": "OSVDB",
"url": "http://osvdb.org/78362"
},
{
"name": "51547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51547"
},
{
"name": "batavi-ajax-sql-injection(72449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72449"
},
{
"name": "[oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/6"
},
{
"name": "[oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/18/9"
},
{
"name": "47582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47582"
},
{
"name": "http://voxel.dl.sourceforge.net/project/batavi/README.txt",
"refsource": "CONFIRM",
"url": "http://voxel.dl.sourceforge.net/project/batavi/README.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0069",
"datePublished": "2012-01-24T18:00:00.000Z",
"dateReserved": "2011-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:18.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0525 (GCVE-0-2011-0525)
Vulnerability from nvd – Published: 2020-02-05 20:18 – Updated: 2024-08-06 21:58
VLAI
EPSS
VEX
Summary
Batavi before 1.0 has CSRF.
Severity
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/cve/CVE-2011-0525 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2011-0525"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/27/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Batavi",
"vendor": "Batavi",
"versions": [
{
"status": "affected",
"version": "before 1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Batavi before 1.0 has CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T20:18:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2011-0525"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/01/27/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Batavi",
"version": {
"version_data": [
{
"version_value": "before 1.0"
}
]
}
}
]
},
"vendor_name": "Batavi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Batavi before 1.0 has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2011-0525",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2011-0525"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/01/27/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/01/27/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0525",
"datePublished": "2020-02-05T20:18:18.000Z",
"dateReserved": "2011-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:58:25.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2289 (GCVE-0-2013-2289)
Vulnerability from nvd – Published: 2014-03-11 15:00 – Updated: 2024-08-06 15:36
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.dognaedis.com/vulns/DGS-SEC-18.html | x_refsource_MISC |
| http://secunia.com/advisories/52464 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2013-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:44.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-18.html"
},
{
"name": "52464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52464"
},
{
"name": "batavi-index-xss(82583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-18.html"
},
{
"name": "52464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52464"
},
{
"name": "batavi-index-xss(82583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dognaedis.com/vulns/DGS-SEC-18.html",
"refsource": "MISC",
"url": "https://www.dognaedis.com/vulns/DGS-SEC-18.html"
},
{
"name": "52464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52464"
},
{
"name": "batavi-index-xss(82583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2289",
"datePublished": "2014-03-11T15:00:00.000Z",
"dateReserved": "2013-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:36:44.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0069 (GCVE-0-2012-0069)
Vulnerability from nvd – Published: 2012-01-24 18:00 – Updated: 2024-08-06 18:16
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/78362 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/51547 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.openwall.com/lists/oss-security/2012/01/20/6 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/01/18/9 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/47582 | third-party-advisoryx_refsource_SECUNIA |
| http://voxel.dl.sourceforge.net/project/batavi/RE… | x_refsource_CONFIRM |
Date Public
2012-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:18.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78362",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78362"
},
{
"name": "51547",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51547"
},
{
"name": "batavi-ajax-sql-injection(72449)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72449"
},
{
"name": "[oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/6"
},
{
"name": "[oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/18/9"
},
{
"name": "47582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://voxel.dl.sourceforge.net/project/batavi/README.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "78362",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78362"
},
{
"name": "51547",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51547"
},
{
"name": "batavi-ajax-sql-injection(72449)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72449"
},
{
"name": "[oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/6"
},
{
"name": "[oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/18/9"
},
{
"name": "47582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://voxel.dl.sourceforge.net/project/batavi/README.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78362",
"refsource": "OSVDB",
"url": "http://osvdb.org/78362"
},
{
"name": "51547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51547"
},
{
"name": "batavi-ajax-sql-injection(72449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72449"
},
{
"name": "[oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/6"
},
{
"name": "[oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/18/9"
},
{
"name": "47582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47582"
},
{
"name": "http://voxel.dl.sourceforge.net/project/batavi/README.txt",
"refsource": "CONFIRM",
"url": "http://voxel.dl.sourceforge.net/project/batavi/README.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0069",
"datePublished": "2012-01-24T18:00:00.000Z",
"dateReserved": "2011-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:18.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}