CVE-2012-6658

SpiceWorks 5.3.75941 - Cross-Site Scripting via SNMP Configuration Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6658. PoCs published by dookie.

AI-analyzed exploit summary This exploit demonstrates a post-authentication SQL injection and a stored XSS vulnerability in SpiceWorks 5.3.75941. The SQLi allows retrieval of user credentials, while the XSS can be triggered via SNMP configuration.

Description

Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dookie · textwebappswindows

https://www.exploit-db.com/exploits/20063

View Code ZIP pw:eip

This exploit demonstrates a post-authentication SQL injection and a stored XSS vulnerability in SpiceWorks 5.3.75941. The SQLi allows retrieval of user credentials, while the XSS can be triggered via SNMP configuration.

Classification

Working Poc 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: SpiceWorks 5.3.75941

Auth required

Prerequisites: Access to SpiceWorks API · Ability to modify SNMP configuration

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49978/

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/84112

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/20063

Scores

EPSS 0.0183

EPSS Percentile 76.1%

Details

CWE

CWE-79

Status published

Products (1)

spiceworks/spiceworks 5.3.75941

Published Sep 17, 2014

Tracked Since Feb 18, 2026