Unrated severityNVD Advisory· Published May 20, 2015· Updated May 6, 2026

CVE-2012-1665

Description

Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.

Affected products

Oscmax/Oscmax
cpe:2.3:a:oscmax:oscmax:*:*:*:*:*:*:*:*
Range: <=2.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.htbridge.com/advisory/HTB23081nvdExploit
archives.neohapsis.com/archives/bugtraq/2012-04/0021.htmlnvd
bugtrack.oscmax.com/view.phpnvd
www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_updatenvd
www.osvdb.org/80900nvd
www.osvdb.org/80901nvd
www.osvdb.org/80902nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000