Vulnerability Details: CVE-2012-1198
base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action.
Vulnerability category: Input validation, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2012-1198
Probability of exploitation activity in the next 30 days: 9.90%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 %
CVSS scores for CVE-2012-1198
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2012-1198
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1198
- http://www.securityfocus.com/bid/51979
  BASE Security Bypass and Multiple Remote File Include Vulnerabilities (Exploit)
- http://packetstormsecurity.org/files/109663/BASE-1.4.5-Remote-File-Inclusion-Shell-Creation.html
  BASE 1.4.5 Remote File Inclusion / Shell Creation ≈ Packet Storm (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73201
  BASE base_ag_main.php security bypass CVE-2012-1198 Vulnerability Report
Products affected by CVE-2012-1198
- cpe:2.3:a:secureideas:basic_analysis_and_security_engine:1.4.5:*:*:*:*:*:*:*