Lucene search

[email protected]CVE-2010-4362

HistoryDec 01, 2010 - 4:06 p.m.

CVE-2010-4362

2010-12-0116:06:13

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4362

sql injection

micronetsoft

rv dealer website

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.

Affected configurations

NVD

Node

micronetsoftrv_dealer_website

CPENameOperatorVersion
micronetsoft:rv_dealer_websitemicronetsoft rv dealer websiteeq*

CPE	Name	Operator	Version
micronetsoft:rv_dealer_website	micronetsoft rv dealer website	eq	*

References

secunia.com/advisories/41319

www.exploit-db.com/exploits/15629

www.securityfocus.com/bid/45089

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for CVE-2010-4362

cvelist1 prion1 nvd1