Lucene search

[email protected]CVE-2010-4862

HistoryOct 05, 2011 - 10:55 a.m.

CVE-2010-4862

2011-10-0510:55:07

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4862

sql injection

je directory

joomla

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.

Affected configurations

NVD

Node

harmistechnologycom_jedirectoryMatch1.0

AND

joomlajoomla\!

CPENameOperatorVersion
harmistechnology:com_jedirectoryharmistechnology com jedirectoryeq1.0

CPE	Name	Operator	Version
harmistechnology:com_jedirectory	harmistechnology com jedirectory	eq	1.0

References

osvdb.org/68308

secunia.com/advisories/41681

www.exploit-db.com/exploits/15163

www.securityfocus.com/bid/43630

exchange.xforce.ibmcloud.com/vulnerabilities/62191

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

Related for CVE-2010-4862

cvelist1 nvd1 prion1