Critical severityNVD Advisory· Published Aug 8, 2025· Updated May 26, 2026
CVE-2012-10047
CVE-2012-10047
Description
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 6.x
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.