Lucene search

K
cve[email protected]CVE-2010-3929
HistoryFeb 02, 2011 - 1:00 a.m.

CVE-2010-3929

2011-02-0201:00:03
CWE-89
web.nvd.nist.gov
19
cve-2010-3929
sql injection
modx evolution
ajaxsearch
nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.2%

SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.

Affected configurations

NVD
Node
modxcmsevolutionRange1.0.4
OR
modxcmsevolutionMatch0.9.0
OR
modxcmsevolutionMatch0.9.1
OR
modxcmsevolutionMatch0.9.2.1
OR
modxcmsevolutionMatch0.9.5
OR
modxcmsevolutionMatch0.9.6
OR
modxcmsevolutionMatch0.9.6.1
OR
modxcmsevolutionMatch0.9.6.1p1
OR
modxcmsevolutionMatch0.9.6.2
OR
modxcmsevolutionMatch1.0.2
OR
modxcmsevolutionMatch1.0.3

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.2%

Related for CVE-2010-3929