CVE-2010-1336

Sažetak

Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/63157
http://osvdb.org/63158
http://secunia.com/advisories/39095
http://www.exploit-db.com/exploits/11874
http://www.securityfocus.com/bid/38962
https://exchange.xforce.ibmcloud.com/vulnerabilities/57161
https://exchange.xforce.ibmcloud.com/vulnerabilities/57162

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

09-04-2010 - 18:30