CVE-2012-1258
MEDIUM
Plixer Scrutinizer Netflow & Sflow Analyzer - Authentication Bypass
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allows remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Trustwave's SpiderLabs · text · webapps · multiple
https://www.exploit-db.com/exploits/18750
References (5)
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/files/111791/Scrutinizer-8.6.2-Bypass-Cross-Site-Scripting-SQL-Injection.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/18750
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/52989
VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/74824
Third Party Advisory x_refsource_misc
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-008-multiple-vulnerabilities-in-scrutinizer-netflow-sflow-analyzer/
Scores
CVSS v3
6.5
EPSS
0.0455
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
plixer/scrutinizer_netflow_\&_sflow_analyzer
< 9.0.1.19899
Published
Jan 09, 2020
Tracked Since
Feb 18, 2026