Description
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
Exploits (1)
exploitdb · WRITEUP · VERIFIED · by Cory Eubanks · text, webapps, php
https://www.exploit-db.com/exploits/38010
References (4)
Core References
US Government Resource · third-party-advisory · x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/180091
Exploit · x_refsource_misc
http://www.clearskies.net/documents/css-advisory-css1211-vericentre.pdf
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/56409
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79832
Scores
EPSS: 0.0804
EPSS Percentile: 92.2%
Details
CWE: CWE-89
Status: published
Products (3)
verifone/vericentre_web_console 2.0
verifone/vericentre_web_console 2.0.1
verifone/vericentre_web_console < 2.2
Published: Nov 15, 2012
Tracked Since: Feb 18, 2026