Lucene search

[email protected]CVE-2010-4632

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-4632

2022-10-0316:21:04

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

aspilot

pilot cart 7.3

cve-2010-4632

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.052 Low

EPSS

Percentile

93.0%

JSON

Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.

Affected configurations

NVD

Node

pilotcartpilot_cartMatch7.3

CPENameOperatorVersion
pilotcart:pilot_cartpilotcart pilot carteq7.3

CPE	Name	Operator	Version
pilotcart:pilot_cart	pilotcart pilot cart	eq	7.3

References

advisories.ariko-security.com/november/audyt_bezpieczenstwa_745.html

marc.info/?l=full-disclosure&m=128913521908405&w=2

packetstormsecurity.org/1011-exploits/aspilotpilotcart-sqlxssinject.txt

secunia.com/advisories/30176

www.exploit-db.com/exploits/15448

www.securityfocus.com/bid/44698

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.052 Low

EPSS

Percentile

93.0%

JSON

Related for CVE-2010-4632

cvelist2 prion2 nvd2 cve1 exploitpack1 packetstorm1 seebug1 exploitdb1