Description
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by dookie · textwebappswindows
https://www.exploit-db.com/exploits/20063
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/54647
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77174
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/84113
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/20063
Scores
EPSS
0.0094
EPSS Percentile
76.4%
Details
CWE
CWE-89
Status
published
Products (1)
spiceworks/spiceworks
5.3.75941
Published
Sep 17, 2014
Tracked Since
Feb 18, 2026