CVE-2012-5900

Name of the Vulnerable Software and Affected Versions SAMEDIA LandShop version 0.9.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the OB ID parameter in a single action to "admin/action/objects.php", the AREA ID parameter in a single action to "admin/action/areas.php", or the start parameter in a show action to "admin/action/pdf.php".

Recommendations For SAMEDIA LandShop version 0.9.2, consider restricting access to the vulnerable API endpoints "admin/action/objects.php", "admin/action/areas.php", and "admin/action/pdf.php" to minimize the risk of exploitation. Avoid using the parameters OB ID, AREA ID, and start in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.