Lucene search

[email protected]CVE-2010-4784

HistoryApr 07, 2011 - 2:23 p.m.

CVE-2010-4784

2011-04-0714:23:53

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4784

sql injection

php web scripts

easy banner free 2009.05.18

security vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.5%

JSON

Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Affected configurations

NVD

Node

phpwebscriptseasy_banner_freeMatch2009.05.18

CPENameOperatorVersion
phpwebscripts:easy_banner_freephpwebscripts easy banner freeeq2009.05.18

CPE	Name	Operator	Version
phpwebscripts:easy_banner_free	phpwebscripts easy banner free	eq	2009.05.18

References

evuln.com/vulns/147/summary.html

packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt

secunia.com/advisories/42316

securityreason.com/securityalert/8184

www.osvdb.org/69511

www.securityfocus.com/archive/1/514908/100/0/threaded

www.securityfocus.com/bid/45066

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.5%

JSON

Related for CVE-2010-4784

cvelist1 nvd1 prion1