Lucene search

K
cve[email protected]CVE-2010-4838
HistorySep 14, 2011 - 2:56 a.m.

CVE-2010-4838

2011-09-1402:56:38
CWE-89
web.nvd.nist.gov
21
cve-2010-4838
sql injection
jsupport
joomla
nvd
security vulnerability

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.1%

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

Affected configurations

NVD
Node
extensiondepotcom_jsupportMatch1.5.6
AND
joomlajoomla\!

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.1%

Related for CVE-2010-4838