Lucene search

[email protected]CVE-2010-1338

HistoryApr 09, 2010 - 6:30 p.m.

CVE-2010-1338

2010-04-0918:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-1338

sql injection

teamsite hack plugin

woltlab burning board

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.9%

JSON

SQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action.

Affected configurations

NVD

Node

robertottoteamsite_hack_pluginRange≤3.0

AND

woltlabburning_board

CPENameOperatorVersion
robertotto:teamsite_hack_pluginrobertotto teamsite hack pluginle3.0

CPE	Name	Operator	Version
robertotto:teamsite_hack_plugin	robertotto teamsite hack plugin	le	3.0

References

4004securityproject.wordpress.com/2010/03/22/woltlab-burning-board-teamsite-hack-v3-0-ts_other-php-sql-injection-exploit-2/

445544.44.ohost.de/worldlabburningboardadon2python-1.txt

osvdb.org/63126

packetstormsecurity.org/1003-exploits/woltlabb-sql.txt

secunia.com/advisories/39009

www.exploit-db.com/exploits/11824

www.securityfocus.com/bid/38870

exchange.xforce.ibmcloud.com/vulnerabilities/57066

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.9%

JSON

Related for CVE-2010-1338

prion1 nvd1 cvelist1