Lucene search

[email protected]CVE-2010-0723

HistoryFeb 26, 2010 - 8:30 p.m.

CVE-2010-0723

2010-02-2620:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-0723

sql injection

news.php

ero auktion 2.0

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.1%

JSON

SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

NVD

Node

mhproductsero_auktionMatch2.0

mhproductsero_auktionMatch2010

CPENameOperatorVersion
mhproducts:ero_auktionmhproducts ero auktioneq2.0
mhproducts:ero_auktionmhproducts ero auktioneq2010

CPE	Name	Operator	Version
mhproducts:ero_auktion	mhproducts ero auktion	eq	2.0
mhproducts:ero_auktion	mhproducts ero auktion	eq	2010

References

4004securityproject.wordpress.com/2010/02/21/ero-auktion-2010-sql-injection-news-php/

4004securityproject.wordpress.com/2010/02/21/ero-auktion-v-2-0-sql-injection-news-php/

packetstormsecurity.org/1002-exploits/eroauktion20-sql.txt

packetstormsecurity.org/1002-exploits/eroauktion2010-sql.txt

secunia.com/advisories/38666

www.exploit-db.com/exploits/11521

www.exploit-db.com/exploits/11522

exchange.xforce.ibmcloud.com/vulnerabilities/56446

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVE-2010-0723

cvelist2 nvd2 prion2 cve1