{"id":"CVE-2012-4570","details":"SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.","modified":"2025-08-25T23:00:19Z","published":"2017-10-23T18:29:00Z","references":[{"type":"REPORT","url":"http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/55822"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2012/10/06/1"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2012/10/31/7"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}