Lucene search

[email protected]CVE-2010-1109

HistoryMar 25, 2010 - 5:30 p.m.

CVE-2010-1109

2010-03-2517:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-1109

sql injection

phpmysport 1.4

index.php

vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action.

Affected configurations

NVD

Node

djaypphpmysportMatch1.4

CPENameOperatorVersion
djayp:phpmysportdjayp phpmysporteq1.4

CPE	Name	Operator	Version
djayp:phpmysport	djayp phpmysport	eq	1.4

References

packetstormsecurity.org/1001-exploits/phpmysport-sqlaccess.txt

phpmysport.sourceforge.net/en/forum/bugs/sujet_2851.html

secunia.com/advisories/34279

www.securityfocus.com/bid/37856

exchange.xforce.ibmcloud.com/vulnerabilities/55762

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

Related for CVE-2010-1109

cvelist1 prion1 nvd1