LiveActive security incident?Get immediate response
CVE Record

CVE-2012-10047: Cyclope Employee Surveillance Solution v6.x SQL Injection

Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.

CriticalCVSS 10Not KEV-listedUpdated
Glexia's TakeAutomated analysiscritical

Security readout for executives and security teams

Plain-English summary

Cyclope Employee Surveillance Solution 6.x has a login SQL injection that can let an unauthenticated network attacker take control of the server. The reported impact is complete compromise, including remote code execution as SYSTEM. Treat any reachable legacy Cyclope ESS deployment as a priority asset-risk issue.

Executive priority

Handle as urgent where Cyclope ESS is still deployed. The business issue is potential full server compromise and access to employee surveillance data. If exposed, isolate first, then validate version and vendor remediation options.

Technical view

Sources describe CWE-89 in the auth-login POST username parameter. Improper sanitization allows arbitrary SQL injection and reportedly can lead to PHP file execution, yielding SYSTEM-context remote code execution. CVSS 4.0 is 10.0 with network, low-complexity, no-auth attack conditions.

Likely exposure

Exposure is likely limited to organizations still running Cyclope Employee Surveillance Solution 6.0 or 6.x. Risk is highest if the web login is reachable from the internet or untrusted networks. The bundle does not confirm broader versions or supported fixed releases.

Exploitation context

The CVE is not listed as CISA KEV in the bundle, so active exploitation is not established here. Public exploit references exist, including Exploit-DB and Rapid7 Metasploit entries, which increases attacker reproducibility risk without proving current exploitation.

Researcher notes

Affected scope is inconsistent: the description says 6.x, while affected data names version 6.0. Public exploit references support exploitability, but this analysis does not reproduce offensive steps. Vendor patch status is not provided in the bundle.

Mitigation direction

  • Identify and isolate Cyclope ESS 6.0 or 6.x deployments.
  • Restrict access to the login interface from untrusted networks.
  • Check Cyclope vendor guidance for fixed versions or retirement instructions.
  • Review web server and database logs for suspicious login activity.
  • Prioritize replacement if no supported patch is available.

Validation and detection

  • Inventory hosts for Cyclope Employee Surveillance Solution installations.
  • Confirm exact product version and exposed interfaces.
  • Check whether auth-login is reachable externally or from user networks.
  • Review logs for anomalous login requests and unexpected PHP files.
  • Verify any vendor patch or compensating control is applied.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-89: Database access and collection lookup

Injection into data stores can inform collection, data access, and exfiltration detection reviews. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Execution behavior lookup

The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
description · low confidence lookup

Database behavior lookup

The CVE wording references database injection or access, so collection and exfiltration review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2012-10047 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Critical
CVSS
10 (4.0)
Known Exploited
No
Published

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
1ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: yesTechnical Impact: total

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
10CVSS 4.0CriticalCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:HVulnCheck

Vulnerability scoring details

Base CVSS 4.0 score

10Critical
CVSS 4.0 vector shape for CVE-2012-10047Attack VectorAttack ComplexityAttack RequirementsPrivileges RequiredUser InteractionVS ConfidentialityVS IntegrityVS AvailabilitySS ConfidentialitySS IntegritySS Availability

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Attack Requirements
NonePresent
Privileges Required
NoneLowHigh
User Interaction
NonePassiveActive
VS Confidentiality
HighLowNone
VS Integrity
HighLowNone
VS Availability
HighLowNone
SS Confidentiality
HighLowNone
SS Integrity
HighLowNone
SS Availability
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Cyclope-SeriesCyclope Employee Surveillance Solution6.0unaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.