CVE-2012-6427

CVE-2012-6427: Carlo Gavazzi EOS Box SQL Injection

Vendor Carlo Gavazzi Automation

Product EOS-Box

Weakness CWE-89 · SQLi

Published December 23, 2012

Last update July 1, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.

Key dates

02Disclosure timeline

December 23, 2012 CVE published

July 1, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2012-6427 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2023-0784 SourceCodester Best Online News Portal Login Page sql injection CVE-2026-2232 Product Table and List Builder for WooCommerce Lite <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter CVE-2024-6338 FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter CVE-2021-21916 CVE-2024-8346 SourceCodester Computer Laboratory Management System SystemSettings.php update_settings_info sql injection