VYPR
Unrated severityNVD Advisory· Published May 20, 2015· Updated Jun 16, 2026

CVE-2012-1665

CVE-2012-1665

Description

Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Oscmax/Oscmax2 versions
    cpe:2.3:a:oscmax:oscmax:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:oscmax:oscmax:*:*:*:*:*:*:*:*range: <=2.5.0
    • (no CPE)range: <2.5.1

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.