CVE-2012-5861
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
23/11/2012
Last modified:
08/07/2025
Description
These Sinapsi devices do not check the validity of the data before <br />
executing queries. By accessing the SQL table of certain pages that do <br />
not require authentication within the device, attackers can leak <br />
information from the device. This could allow the attacker to compromise<br />
confidentiality.
Impact
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:* | 2.0.2870 (including) | |
| cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80201