Unrated severityNVD Advisory· Published Nov 17, 2012· Updated Apr 29, 2026

CVE-2012-5900

Description

Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.

Affected products

Samedia/Landshop
cpe:2.3:a:samedia:landshop:0.9.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/80796nvdExploit
packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.htmlnvdExploit
www.exploit-db.com/exploits/18687nvdExploit
secunia.com/advisories/48661nvdVendor Advisory
osvdb.org/80797nvd
osvdb.org/80798nvd
vulnerability-lab.com/get_content.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000