Lucene search

[email protected]CVE-2010-2354

HistoryJun 21, 2010 - 8:30 p.m.

CVE-2010-2354

2010-06-2120:30:01

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

subscribe.php

elms pro

security vulnerability

remote exploit

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.

Affected configurations

NVD

Node

pilotgroupelms_pro

CPENameOperatorVersion
pilotgroup:elms_propilotgroup elms proeq*

CPE	Name	Operator	Version
pilotgroup:elms_pro	pilotgroup elms pro	eq	*

References

osvdb.org/65423

packetstormsecurity.org/1006-exploits/elms-sql-xss.txt

secunia.com/advisories/40163

www.exploit-db.com/exploits/13785

www.securityfocus.com/bid/40677

exchange.xforce.ibmcloud.com/vulnerabilities/59296

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for CVE-2010-2354

nvd1 cvelist1 prion1