Lucene search

[email protected]CVE-2010-4780

HistoryApr 07, 2011 - 2:23 p.m.

CVE-2010-4780

2011-04-0714:23:53

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4780

sql injection

enano cms

sessions.php

nvd

vulnerability

remote attackers

arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

JSON

SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

enanocmsenano_cmsRange≤1.1.7pl2

enanocmsenano_cmsMatch0.8.1

enanocmsenano_cmsMatch0.8.2

enanocmsenano_cmsMatch0.8.3

enanocmsenano_cmsMatch0.8.4

enanocmsenano_cmsMatch0.9.1

enanocmsenano_cmsMatch0.9.2

enanocmsenano_cmsMatch0.9.3

enanocmsenano_cmsMatch1.0

enanocmsenano_cmsMatch1.0.1

enanocmsenano_cmsMatch1.0.2

enanocmsenano_cmsMatch1.0.2b1

enanocmsenano_cmsMatch1.0.3

enanocmsenano_cmsMatch1.0.4

enanocmsenano_cmsMatch1.0.5

enanocmsenano_cmsMatch1.0.6

enanocmsenano_cmsMatch1.0.6pl1

enanocmsenano_cmsMatch1.0.6pl2

enanocmsenano_cmsMatch1.0.6pl3

enanocmsenano_cmsMatch1.1.1

enanocmsenano_cmsMatch1.1.2

enanocmsenano_cmsMatch1.1.3

enanocmsenano_cmsMatch1.1.4

enanocmsenano_cmsMatch1.1.5

enanocmsenano_cmsMatch1.1.6

enanocmsenano_cmsMatch1.1.7

enanocmsenano_cmsMatch1.1.7pl1

CPENameOperatorVersion
enanocms:enano_cmsenanocms enano cmsle1.1.7
enanocms:enano_cmsenanocms enano cmseq0.8.1
enanocms:enano_cmsenanocms enano cmseq0.8.2
enanocms:enano_cmsenanocms enano cmseq0.8.3
enanocms:enano_cmsenanocms enano cmseq0.8.4
enanocms:enano_cmsenanocms enano cmseq0.9.1
enanocms:enano_cmsenanocms enano cmseq0.9.2
enanocms:enano_cmsenanocms enano cmseq0.9.3
enanocms:enano_cmsenanocms enano cmseq1.0
enanocms:enano_cmsenanocms enano cmseq1.0.1

CPE	Name	Operator	Version
enanocms:enano_cms	enanocms enano cms	le	1.1.7
enanocms:enano_cms	enanocms enano cms	eq	0.8.1
enanocms:enano_cms	enanocms enano cms	eq	0.8.2
enanocms:enano_cms	enanocms enano cms	eq	0.8.3
enanocms:enano_cms	enanocms enano cms	eq	0.8.4
enanocms:enano_cms	enanocms enano cms	eq	0.9.1
enanocms:enano_cms	enanocms enano cms	eq	0.9.2
enanocms:enano_cms	enanocms enano cms	eq	0.9.3
enanocms:enano_cms	enanocms enano cms	eq	1.0
enanocms:enano_cms	enanocms enano cms	eq	1.0.1

Rows per page:

1-10 of 221

References

enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released

osvdb.org/69537

packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt

secunia.com/advisories/42375

securityreason.com/securityalert/8183

www.exploit-db.com/exploits/15645

www.htbridge.ch/advisory/sql_injection_in_enano_cms.html

www.securityfocus.com/bid/45120

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

JSON

Related for CVE-2010-4780

prion1 htbridge1 cvelist1 nvd1