CVE-2010-1327

Sažetak

Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.

Reference

http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php
http://www.securityfocus.com/bid/41233
https://exchange.xforce.ibmcloud.com/vulnerabilities/59950

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

06-07-2010 - 17:17