CVE-2010-0614

Sažetak

SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.

Reference

http://packetstormsecurity.org/1002-exploits/corelan-10-008-evalmsi.txt
http://secunia.com/advisories/38478
http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-008-evalmsi-2-1-03-multiple-vulnerabilities/
http://www.osvdb.org/62177
http://www.securityfocus.com/archive/1/509370/100/0/threaded
http://www.securityfocus.com/bid/38116
https://exchange.xforce.ibmcloud.com/vulnerabilities/56152

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-10-2018 - 19:53

Objavljeno

11-02-2010 - 17:30