CVE-2012-0805
Description
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.649
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-0805 are fixed in Python-sqlalchemy 0.7.0b4 | Windows |
| Python-sqlalchemy update (CESA-2012:0369) python-sqlalchemy-0.5.5-3.el6_2.noarch.rpm | Linux |
| (RHSA-2012:0369) Moderate: python-sqlalchemy security update python-sqlalchemy-0.5.5-3.el6_2.noarch.rpm | Linux |
| Python-sqlalchemy update (ELSA-2012-0369) python-sqlalchemy-0.5.5-3.el6_2.noarch.rpm | Linux |
| Vulnerabilities CVE-2012-0805 are fixed in Python-sqlalchemy for linux 0.7.0b4 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234