Lucene search

MitreCVE-2010-4941

HistoryOct 09, 2011 - 10:55 a.m.

CVE-2010-4941

2011-10-0910:55:22

CWE-89

mitre

web.nvd.nist.gov

cve

2010

4941

sql injection

vulnerability

joomla!

teams

component

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.001

Percentile

37.5%

JSON

SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.

Affected configurations

Nvd

Node

joomlamocom_teamsMatch1_1028_100809_1711

AND

joomlajoomla\!

VendorProductVersionCPE
joomlamocom_teams1_1028_100809_1711cpe:2.3:a:joomlamo:com_teams:1_1028_100809_1711:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joomlamo	com_teams	1_1028_100809_1711	cpe:2.3:a:joomlamo:com_teams:1_1028_100809_1711:::::::*
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

adv.salvatorefresta.net/Teams_1_1028_100809_1711_Joomla_Component_Multiple_Blind_SQL_Injection_Vulnerabilities-10082010.txt

secunia.com/advisories/40933

securityreason.com/securityalert/8463

www.exploit-db.com/exploits/14598

www.securityfocus.com/archive/1/512974/100/0/threaded

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.001

Percentile

37.5%

JSON

Related for CVE-2010-4941