Lucene search

[email protected]CVE-2010-0720

HistoryFeb 26, 2010 - 8:30 p.m.

CVE-2010-0720

2010-02-2620:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-0720

sql injection

news.php

erotik auktionshaus

remote attackers

arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.2%

JSON

SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

NVD

Node

systemsoftwareerotik_auktionshaus

CPENameOperatorVersion
systemsoftware:erotik_auktionshaussystemsoftware erotik auktionshauseq*

CPE	Name	Operator	Version
systemsoftware:erotik_auktionshaus	systemsoftware erotik auktionshaus	eq	*

References

4004securityproject.wordpress.com/2009/10/21/erotik-auktionshaus-sql-injection-news-php/

packetstormsecurity.org/1002-exploits/erotik-sql.txt

secunia.com/advisories/38614

www.exploit-db.com/exploits/11489

www.osvdb.org/62369

exchange.xforce.ibmcloud.com/vulnerabilities/56330

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.2%

JSON

Related for CVE-2010-0720

prion1 nvd1 cvelist1