Lucene search

[email protected]CVE-2010-4916

HistoryOct 08, 2011 - 10:55 a.m.

CVE-2010-4916

2011-10-0810:55:07

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4916

sql injection

coldgen

coldusergroup

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

JSON

Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.

Affected configurations

NVD

Node

coldgencoldusergroupMatch1.06

CPENameOperatorVersion
coldgen:coldusergroupcoldgen coldusergroupeq1.06

CPE	Name	Operator	Version
coldgen:coldusergroup	coldgen coldusergroup	eq	1.06

References

packetstormsecurity.org/1009-exploits/coldusergroup-sql.txt

secunia.com/advisories/41335

securityreason.com/securityalert/8448

www.exploit-db.com/exploits/14935

www.securityfocus.com/bid/43035

exchange.xforce.ibmcloud.com/vulnerabilities/61638

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2010-4916

prion1 nvd1 cvelist1 openvas1