CVE-2012-10047
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-08-08
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cyclope | employee_surveillance_solution | 6.0 |
| cyclope | employee_surveillance_solution | 6.1 |
| cyclope | employee_surveillance_solution | 6.3 |
| cyclope | employee_surveillance_solution | 6.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Cyclope Employee Surveillance Solution versions 6.x has a SQL injection vulnerability in its login mechanism. Specifically, the username parameter in the authentication login POST request is not properly sanitized, which allows attackers to inject arbitrary SQL statements. This flaw can be exploited to write and execute a malicious PHP file on the server, leading to remote code execution with SYSTEM user privileges.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows attackers to execute arbitrary code remotely on the affected system with SYSTEM-level privileges. This means attackers can take full control of the system, potentially leading to data theft, system compromise, unauthorized access, and disruption of services.