Lucene search

[email protected]CVE-2010-4838

HistorySep 14, 2011 - 2:56 a.m.

CVE-2010-4838

2011-09-1402:56:38

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4838

sql injection

jsupport

joomla

nvd

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.001

Percentile

31.1%

JSON

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

Affected configurations

NVD

Node

extensiondepotcom_jsupportMatch1.5.6

AND

joomlajoomla\!

VendorProductVersionCPE
extensiondepotcom_jsupport1.5.6cpe:/a:extensiondepot:com_jsupport:1.5.6:::

Vendor	Product	Version	CPE
extensiondepot	com_jsupport	1.5.6	cpe:/a:extensiondepot:com_jsupport:1.5.6:::

References

packetstormsecurity.org/files/view/95797/joomlajsupport-sql.txt

secunia.com/advisories/42262

securityreason.com/securityalert/8379

www.exploit-db.com/exploits/15502

www.xenuser.org/documents/security/Joomla_com_jsupport_SQLi.txt

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.001

Percentile

31.1%

JSON

Related for CVE-2010-4838

nvd1 prion1 cvelist1