Lucene search

[email protected]CVE-2011-1055

HistoryFeb 21, 2011 - 7:00 p.m.

CVE-2011-1055

2011-02-2119:00:02

CWE-89

[email protected]

web.nvd.nist.gov

cve

2011

1055

sql injection

lingxia i.c.e cms

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.5%

JSON

SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.

Affected configurations

NVD

Node

lingxia273lingxia_i.c.e_cmsMatch1.0

CPENameOperatorVersion
lingxia273:lingxia_i.c.e_cmslingxia273 lingxia i.c.e cmseq1.0

CPE	Name	Operator	Version
lingxia273:lingxia_i.c.e_cms	lingxia273 lingxia i.c.e cms	eq	1.0

References

secunia.com/advisories/43327

www.exploit-db.com/exploits/16171

www.securityfocus.com/bid/46373

www.stratsec.net/Research/Advisories/Lingxia-273-I-C-E-CMS-Blind-SQL-Injection-%28SS-2011

exchange.xforce.ibmcloud.com/vulnerabilities/65462

exchange.xforce.ibmcloud.com/vulnerabilities/65477

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2011-1055

checkpoint_advisories1 prion1 nvd1 cvelist1