ID CVE-2010-5033
Type cve
Reporter cve@mitre.org
Modified 2017-08-29T01:29:00
Description
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
Published 2011-11-02T21:55:00
Last seen 2019-05-29T18:10:33
Bulletin family NVD
CVSS v2 7.5 (HIGH), vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability score 10.0
Impact score 6.4
Vulners score 7.2
CWE CWE-89
CPE cpe:/a:fusebox:fusebox:5.5.1
CPE 2.3 cpe:2.3:a:fusebox:fusebox:5.5.1:*:*:*:*:*:*:*
Affected software fusebox fusebox, version eq 5.5.1
Href https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5033
Related exploit EDB-ID:12786
References
http://www.securityfocus.com/bid/40439
https://exchange.xforce.ibmcloud.com/vulnerabilities/59003
http://securityreason.com/securityalert/8520
http://packetstormsecurity.org/1005-exploits/fusebox-sql.txt
http://www.exploit-db.com/exploits/12786

ID EDB-ID:12786
Type exploitdb
Title fusebox ProductList.cfm?CatDisplay - Remote SQL Injection Vulnerability
Published 2010-05-29T00:00:00
Modified 2010-05-29T00:00:00
Last seen 2016-02-01T17:19:33
CVSS 7.5, vector AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/
Href https://www.exploit-db.com/exploits/12786/
Source href https://www.exploit-db.com/download/12786/
Description
fusebox (ProductList.cfm?CatDisplay) Remote SQL Injection Vulnerability. CVE-2010-5033. Webapps exploit for windows platform
Source data
-----------------------------------------------------------------------------------------
[AJS_ADVISORIES_01&2010]
fusebox (ProductList.cfm?CatDisplay) Remote SQL Injection Vulnerability
-----------------------------------------------------------------------------------------

Author : Shamus
Date : May, 29 th 2010
Location : Solo && Jogjakarta, Indonesia
Web : http://antijasakom.org/forum
Critical Lvl : Moderate
Impact : -
Where : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : -
version : -
Vendor : http://www.fusebox.org/
download : http://www.fusebox.org/go/getting-started/downloading-fusebox
Description : Fusebox is the most popular framework for building ColdFusion and PHP web applications.
"Fuseboxers" find that the framework releases them from much of the drudgery of writing applications and enables them to focus their efforts on creating great, customer-focused software.
--------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~
-

PoC/Exploit :
~~~~~~~~~~

http://127.0.0.1/ProductList.cfm?CatDisplay=1%27[SQL query]
http://127.0.0.1/[path]/ProductList.cfm?CatDisplay=1%27[SQL query]

Dork:
~~~~~
Google : ProductList.cfm?CatDisplay

Solution:
~~~~~
- N/A.

Timeline:
~~~~~~~

- 25 - 05 - 2010 bug found
- 29 - 05 - 2010 no vendor contacted
- 29 - 05 - 2010 advisory release
---------------------------------------------------------------------------

Contact:
~~~~~~~~~

Shamus : Shamus@antijasakom.org
Homepage: http://antijasakom.org/forum/viewtopic.php?f=38&t=600

-------------------------------- [ EOF ] ----------------------------------