Lucene search

[email protected]CVE-2010-1654

HistoryMay 03, 2010 - 1:51 p.m.

CVE-2010-1654

2010-05-0313:51:53

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-1654

sql injection

infocus real estate enterprise edition

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.6%

JSON

Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

instantrankingseoinfocus_real_estateMatch--enterprise

CPENameOperatorVersion
instantrankingseo:infocus_real_estateinstantrankingseo infocus real estateeq-

CPE	Name	Operator	Version
instantrankingseo:infocus_real_estate	instantrankingseo infocus real estate	eq	-

References

packetstormsecurity.org/1004-exploits/ireee-sql.txt

secunia.com/advisories/39625

www.exploit-db.com/exploits/12415

www.securityfocus.com/bid/39731

www.vupen.com/english/advisories/2010/1014

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.6%

JSON

Related for CVE-2010-1654

nvd1 cvelist1 prion1