CVE-2012-1234
Advantech WebAccess 7.0 - Authenticated SQL Injection via Malformed URL
Title source: llmDescription
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.
References (1)
Core 1
Core References
Patch, US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf
Scores
EPSS
0.0025
EPSS Percentile
48.0%
Details
CWE
CWE-89
Status
published
Products (2)
advantech/advantech_webaccess
5.0
advantech/advantech_webaccess
< 6.0
Published
Feb 21, 2012
Tracked Since
Feb 18, 2026