Lucene search

[email protected]CVE-2010-1092

HistoryMar 24, 2010 - 10:44 p.m.

CVE-2010-1092

2010-03-2422:44:14

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

scriptsfeed business directory software

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.

Affected configurations

NVD

Node

scriptsfeedbusiness_directory_software

CPENameOperatorVersion
scriptsfeed:business_directory_softwarescriptsfeed business directory softwareeq*

CPE	Name	Operator	Version
scriptsfeed:business_directory_software	scriptsfeed business directory software	eq	*

References

osvdb.org/62626

secunia.com/advisories/38771

www.exploit-db.com/exploits/11592

www.securityfocus.com/bid/38470

www.vupen.com/english/advisories/2010/0494

exchange.xforce.ibmcloud.com/vulnerabilities/56570

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for CVE-2010-1092

prion1 cvelist1 nvd1