CVE-2012-1258

MEDIUM

Scrutinizer NetFlow & sFlow Analyzer < 9.0.1.19899 - Unauthenticated Privilege Escalation via User Preferences CGI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1258. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary This is a detailed security advisory from Trustwave SpiderLabs describing multiple vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer, including authentication bypass, SQL injection, and XSS. It provides proof-of-concept examples for each vulnerability but does not include executable exploit code.

Description

cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Trustwave's SpiderLabs · textwebappsmultiple

https://www.exploit-db.com/exploits/18750

View Code ZIP pw:eip

This is a detailed security advisory from Trustwave SpiderLabs describing multiple vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer, including authentication bypass, SQL injection, and XSS. It provides proof-of-concept examples for each vulnerability but does not include executable exploit code.

Classification

Writeup 100%

Attack Type

Auth Bypass | Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Scrutinizer NetFlow and sFlow Analyzer 8.6.2 (8.6.2.16204)

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://www.exploit-db.com/exploits/18750

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/bid/52989

VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/74824

Third Party Advisory x_refsource_misc

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/

Scores

CVSS v3 6.5

EPSS 0.0333

EPSS Percentile 87.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-287

Status published

Products (1)

plixer/scrutinizer_netflow_\&_sflow_analyzer < 9.0.1.19899

Published Jan 09, 2020

Tracked Since Feb 18, 2026