Lucene search

[email protected]CVE-2010-0122

HistoryMar 15, 2010 - 1:28 p.m.

CVE-2010-0122

2010-03-1513:28:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-0122

sql injection

employee timeclock software

nvd

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.3%

JSON

Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.

CPENameOperatorVersion
timeclock-software:employee_timeclock_softwaretimeclock-software employee timeclock softwareeq0.99

CPE	Name	Operator	Version
timeclock-software:employee_timeclock_software	timeclock-software employee timeclock software	eq	0.99

References

secunia.com/advisories/38739

secunia.com/secunia_research/2010-11/

www.osvdb.org/62831

www.osvdb.org/62832

www.securityfocus.com/archive/1/509995/100/0/threaded

www.securityfocus.com/bid/38639

exchange.xforce.ibmcloud.com/vulnerabilities/56799

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for CVE-2010-0122

prion1 exploitpack1 securityvulns2 cvelist1 exploitdb1