Lucene search

[email protected]CVE-2010-2357

HistoryJun 21, 2010 - 8:30 p.m.

CVE-2010-2357

2010-06-2120:30:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-2357

sql injection

eicra realestate script

remote attackers

arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.5%

JSON

SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

eicrasofteicra_realestate_scriptMatch1.0

eicrasofteicra_realestate_scriptMatch1.6.0

CPENameOperatorVersion
eicrasoft:eicra_realestate_scripteicrasoft eicra realestate scripteq1.0
eicrasoft:eicra_realestate_scripteicrasoft eicra realestate scripteq1.6.0

CPE	Name	Operator	Version
eicrasoft:eicra_realestate_script	eicrasoft eicra realestate script	eq	1.0
eicrasoft:eicra_realestate_script	eicrasoft eicra realestate script	eq	1.6.0

References

osvdb.org/65412

secunia.com/advisories/40171

www.exploit-db.com/exploits/13802

www.securityfocus.com/bid/40748

exchange.xforce.ibmcloud.com/vulnerabilities/59269

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.5%

JSON

Related for CVE-2010-2357

cvelist1 prion1 nvd1