Blind SQL Injection Vulnerability in ARC2 (aka ARC2_StoreSelectQueryHandler.php)

Blind SQL Injection Vulnerability in ARC2 (aka ARC2_StoreSelectQueryHandler.php)

CVE-2012-5872 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.