CVE-2010-4782

Sažetak

Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.

Reference

http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt
http://secunia.com/advisories/23506
http://securityreason.com/securityalert/8185
http://www.exploit-db.com/exploits/15661
http://www.securityfocus.com/bid/45146

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

22-09-2011 - 03:27

Objavljeno

07-04-2011 - 14:23