CVE-2012-2956

SpiceWorks 5.3.75941 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2956. PoCs published by dookie.

AI-analyzed exploit summary This exploit demonstrates a post-authentication SQL injection and a stored XSS vulnerability in SpiceWorks 5.3.75941. The SQLi allows retrieval of user credentials, while the XSS can be triggered via SNMP configuration.

Description

SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dookie · textwebappswindows

https://www.exploit-db.com/exploits/20063

View Code ZIP pw:eip

This exploit demonstrates a post-authentication SQL injection and a stored XSS vulnerability in SpiceWorks 5.3.75941. The SQLi allows retrieval of user credentials, while the XSS can be triggered via SNMP configuration.

Classification

Working Poc 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: SpiceWorks 5.3.75941

Auth required

Prerequisites: Access to SpiceWorks API · Ability to modify SNMP configuration

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/54647

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/77174

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/84113

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/20063

Scores

EPSS 0.0111

EPSS Percentile 61.5%

Details

CWE

CWE-89

Status published

Products (1)

spiceworks/spiceworks 5.3.75941

Published Sep 17, 2014

Tracked Since Feb 18, 2026