Lucene search

[email protected]CVE-2010-2462

HistoryJun 25, 2010 - 9:30 p.m.

CVE-2010-2462

2010-06-2521:30:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-2462

sql injection

security vulnerability

toma cero orohyip

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action.

Affected configurations

NVD

Node

tomaceroorohyip

CPENameOperatorVersion
tomacero:orohyiptomacero orohyipeq*

CPE	Name	Operator	Version
tomacero:orohyip	tomacero orohyip	eq	*

References

packetstormsecurity.org/1006-exploits/orohyip-sql.txt

www.exploit-db.com/exploits/13948

www.securityfocus.com/bid/40992

exchange.xforce.ibmcloud.com/vulnerabilities/59582

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for CVE-2010-2462

prion1 nvd1 cvelist1