Lucene search

[email protected]CVE-2010-2338

HistoryJun 18, 2010 - 9:30 p.m.

CVE-2010-2338

2010-06-1821:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-2338

sql injection

redir.asp

vu web visitor analyst

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.4%

JSON

Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

vunetvu_web_visitor_analyst

CPENameOperatorVersion
vunet:vu_web_visitor_analystvunet vu web visitor analysteq*

CPE	Name	Operator	Version
vunet:vu_web_visitor_analyst	vunet vu web visitor analyst	eq	*

References

osvdb.org/65483

packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt

secunia.com/advisories/40176

www.exploit-db.com/exploits/13842

www.vupen.com/english/advisories/2010/1460

exchange.xforce.ibmcloud.com/vulnerabilities/59396

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.4%

JSON

Related for CVE-2010-2338

nvd1 prion1 cvelist1