Lucene search

[email protected]CVE-2010-4635

HistoryDec 30, 2010 - 9:00 p.m.

CVE-2010-4635

2010-12-3021:00:05

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4635

sql injection

site2nite

vrbo

remote attackers

arbitrary sql commands

id parameter

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.5%

JSON

SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Affected configurations

NVD

Node

site2nitevacation_rental_listings

CPENameOperatorVersion
site2nite:vacation_rental_listingssite2nite vacation rental listingseq*

CPE	Name	Operator	Version
site2nite:vacation_rental_listings	site2nite vacation rental listings	eq	*

References

osvdb.org/68983

packetstormsecurity.org/1011-exploits/site2nitevr-sql.txt

secunia.com/advisories/42087

www.exploit-db.com/exploits/15395

www.securityfocus.com/bid/44619

exchange.xforce.ibmcloud.com/vulnerabilities/62956

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.5%

JSON

Related for CVE-2010-4635

prion1 nvd1 cvelist1