Lucene search

[email protected]CVE-2010-5019

HistoryNov 02, 2011 - 9:55 p.m.

CVE-2010-5019

2011-11-0221:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-5019

sql injection

view_photo.php

2daybiz online classified script

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.3%

JSON

SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.

CPENameOperatorVersion
2daybiz:online_classified_script2daybiz online classified scripteq*

CPE	Name	Operator	Version
2daybiz:online_classified_script	2daybiz online classified script	eq	*

References

packetstormsecurity.org/1006-exploits/2daybizocs-sqlxss.txt

secunia.com/advisories/40213

www.exploit-db.com/exploits/13894

www.securityfocus.com/bid/40890

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.3%

JSON

Related for CVE-2010-5019

prion1 cvelist1