Critical severityNVD Advisory· Published Aug 8, 2025· Updated Apr 15, 2026

CVE-2012-10047

Description

Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/cyclope_ess_sqli.rbnvd
www.cyclope-series.comnvd
www.exploit-db.com/exploits/20393nvd
www.exploit-db.com/exploits/20501nvd
www.vulncheck.com/advisories/cyclope-employee-surveillance-solution-sql-injectionnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.043
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000