QwikSec

Security Database

CVE

CWE

Training

CVE-2012-10047

Published: Aug 8, 2025

Modified: May 26, 2026

PUBLISHED

Description

Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.

Vendor	Product	Versions
Cyclope-Series	Cyclope Employee Surveillance Solution	affected `6.0`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/cyclope_ess_sqli.rb

exploit

https://www.exploit-db.com/exploits/20393

exploit

https://www.exploit-db.com/exploits/20501

exploit

https://www.cyclope-series.com/

product

https://www.vulncheck.com/advisories/cyclope-employee-surveillance-solution-sql-injection

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.