Lucene search

[email protected]CVE-2010-4982

HistoryNov 01, 2011 - 10:55 p.m.

CVE-2010-4982

2011-11-0122:55:05

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-4982

sql injection

my kazaam

address book

contact organizer

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

33.3%

JSON

SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter.

Affected configurations

NVD

Node

mykazaamaddress_\&_contact_organizerMatch-

CPENameOperatorVersion
mykazaam:address_\&_contact_organizermykazaam address & contact organizereq-

CPE	Name	Operator	Version
mykazaam:address_\&_contact_organizer	mykazaam address & contact organizer	eq	-

References

www.exploit-db.com/exploits/14326

www.vupen.com/english/advisories/2010/1785

exchange.xforce.ibmcloud.com/vulnerabilities/60269

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for CVE-2010-4982

cvelist1 prion1 nvd1