Lucene search

[email protected]CVE-2010-2911

HistoryJul 28, 2010 - 9:30 p.m.

CVE-2010-2911

2010-07-2821:30:03

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-2911

sql injection

kayako esupport

index.php

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.4%

JSON

SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.

Affected configurations

NVD

Node

kayakoesupportMatch3.70.02

CPENameOperatorVersion
kayako:esupportkayako esupporteq3.70.02

CPE	Name	Operator	Version
kayako:esupport	kayako esupport	eq	3.70.02

References

packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt

www.exploit-db.com/exploits/14392

www.securityfocus.com/bid/41779

www.vupen.com/english/advisories/2010/1843

exchange.xforce.ibmcloud.com/vulnerabilities/60455

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.4%

JSON

Related for CVE-2010-2911

cvelist1 nvd1 prion1