CVE-2012-10047
Cyclope Employee Surveillance Solution v6.x SQL Injection
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in the login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.
| CWE | CWE-89 |
| Vendor | cyclope-series |
| Product | cyclope employee surveillance solution |
| Published | Aug 8, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
Cyclope-Series / Cyclope Employee Surveillance Solution
6.0
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/cyclope_ess_sqli.rb
exploit-db.com: https://www.exploit-db.com/exploits/20393
exploit-db.com: https://www.exploit-db.com/exploits/20501
cyclope-series.com: https://www.cyclope-series.com/
vulncheck.com: https://www.vulncheck.com/advisories/cyclope-employee-surveillance-solution-sql-injection
Credits
loneferret