Unrated severityNVD Advisory· Published Aug 26, 2012· Updated Apr 29, 2026

CVE-2012-4673

Description

SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477.

Affected products

Thomas Hunter/Neoinvoice
cpe:2.3:a:thomas_hunter:neoinvoice:-:*:*:*:*:*:*:*

Patches

501a9d5d261c

https://github.com/mweimerskirch/neoinvoicevia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/mweimerskirch/neoinvoice/commit/501a9d5d261c718913cfc13d212b09b56f3bf087nvdPatch
adamcaudill.com/2012/08/12/neoinvoice-blind-sql-injection-cve-2012-3477/nvdExploit
github.com/tlhunter/neoinvoice/issues/2nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000