Lucene search

[email protected]CVE-2010-4838

HistorySep 14, 2011 - 2:56 a.m.

CVE-2010-4838

2011-09-1402:56:38

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4838

sql injection

jsupport

joomla

nvd

security vulnerability

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.3%

JSON

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

Affected configurations

NVD

Node

extensiondepotcom_jsupportMatch1.5.6

AND

joomlajoomla\!

CPENameOperatorVersion
extensiondepot:com_jsupportextensiondepot com jsupporteq1.5.6

CPE	Name	Operator	Version
extensiondepot:com_jsupport	extensiondepot com jsupport	eq	1.5.6

References

packetstormsecurity.org/files/view/95797/joomlajsupport-sql.txt

secunia.com/advisories/42262

securityreason.com/securityalert/8379

www.exploit-db.com/exploits/15502

www.xenuser.org/documents/security/Joomla_com_jsupport_SQLi.txt

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.3%

JSON

Related for CVE-2010-4838

prion1 nvd1 cvelist1