CVE-2012-10047

Critical CVSS 10.0

Overview

Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.

CWE: CWE-89 Published: 2025-08-08T19:15:34.750

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 10.0 (CRITICAL)
Detected tags: rce, sql (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.
Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags