CVE-2010-1923

Sažetak

SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action.

Reference

http://osvdb.org/64513
http://packetstormsecurity.org/1005-exploits/web20snfcs-sql.txt
http://secunia.com/advisories/39761
https://exchange.xforce.ibmcloud.com/vulnerabilities/58583

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

12-05-2010 - 16:07