CVE-2012-4951

Name of the Vulnerable Software and Affected Versions VeriFone VeriCentre Web Console versions prior to 2.2 build 36

Description The issue concerns SQL injection vulnerabilities in the terminal/paramedit.aspx file. Remote attackers can execute arbitrary SQL commands by manipulating the TerminalId, ModelName, or ApplicationName parameters.

Recommendations For versions prior to 2.2 build 36, update to version 2.2 build 36 or later to resolve the issue. As a temporary workaround, consider restricting access to the terminal/paramedit.aspx file to minimize the risk of exploitation. Avoid using the TerminalId, ModelName, or ApplicationName parameters in the affected file until the issue is resolved.