Lucene search

MitreCVE-2010-3423

HistorySep 16, 2010 - 10:00 p.m.

CVE-2010-3423

2010-09-1622:00:03

CWE-89

mitre

web.nvd.nist.gov

cve-2010-3423

sql injection

yr weatherdata

drupal 6.x

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.002

Percentile

61.3%

JSON

SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.

Affected configurations

Nvd

Node

frekayr_verdataMatch6.x-1.0

frekayr_verdataMatch6.x-1.1

frekayr_verdataMatch6.x-1.4

frekayr_verdataMatch6.x-1.5

frekayr_verdataMatch6.x-1.5beta1

frekayr_verdataMatch6.x-1.5beta2

frekayr_verdataMatch6.x-1.5rc1

frekayr_verdataMatch6.x-1.5rc2

frekayr_verdataMatch6.x-1.5rc3

AND

drupaldrupal

VendorProductVersionCPE
frekayr_verdata6.x-1.0cpe:2.3:a:freka:yr_verdata:6.x-1.0:*:*:*:*:*:*:*
frekayr_verdata6.x-1.1cpe:2.3:a:freka:yr_verdata:6.x-1.1:*:*:*:*:*:*:*
frekayr_verdata6.x-1.4cpe:2.3:a:freka:yr_verdata:6.x-1.4:*:*:*:*:*:*:*
frekayr_verdata6.x-1.5cpe:2.3:a:freka:yr_verdata:6.x-1.5:*:*:*:*:*:*:*
frekayr_verdata6.x-1.5cpe:2.3:a:freka:yr_verdata:6.x-1.5:beta1:*:*:*:*:*:*
frekayr_verdata6.x-1.5cpe:2.3:a:freka:yr_verdata:6.x-1.5:beta2:*:*:*:*:*:*
frekayr_verdata6.x-1.5cpe:2.3:a:freka:yr_verdata:6.x-1.5:rc1:*:*:*:*:*:*
frekayr_verdata6.x-1.5cpe:2.3:a:freka:yr_verdata:6.x-1.5:rc2:*:*:*:*:*:*
frekayr_verdata6.x-1.5cpe:2.3:a:freka:yr_verdata:6.x-1.5:rc3:*:*:*:*:*:*
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freka	yr_verdata	6.x-1.0	cpe:2.3:a:freka:yr_verdata:6.x-1.0:::::::*
freka	yr_verdata	6.x-1.1	cpe:2.3:a:freka:yr_verdata:6.x-1.1:::::::*
freka	yr_verdata	6.x-1.4	cpe:2.3:a:freka:yr_verdata:6.x-1.4:::::::*
freka	yr_verdata	6.x-1.5	cpe:2.3:a:freka:yr_verdata:6.x-1.5:::::::*
freka	yr_verdata	6.x-1.5	cpe:2.3:a:freka:yr_verdata:6.x-1.5:beta1::::::
freka	yr_verdata	6.x-1.5	cpe:2.3:a:freka:yr_verdata:6.x-1.5:beta2::::::
freka	yr_verdata	6.x-1.5	cpe:2.3:a:freka:yr_verdata:6.x-1.5:rc1::::::
freka	yr_verdata	6.x-1.5	cpe:2.3:a:freka:yr_verdata:6.x-1.5:rc2::::::
freka	yr_verdata	6.x-1.5	cpe:2.3:a:freka:yr_verdata:6.x-1.5:rc3::::::
drupal	drupal	*	cpe:2.3:a:drupal:drupal::::::::

References

drupal.org/node/606290

drupal.org/node/905686

secunia.com/advisories/41385

www.osvdb.org/67918

exchange.xforce.ibmcloud.com/vulnerabilities/61673

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.002

Percentile

61.3%

JSON

Related for CVE-2010-3423