Lucene search

[email protected]CVE-2013-5117

HistoryMar 12, 2014 - 2:55 p.m.

CVE-2013-5117

2014-03-1214:55:30

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

zldnn

dnnarticle

rss

dotnetnuke

cve-2013-5117

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.2%

JSON

SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.

Affected configurations

NVD

Node

zldnndnnarticleRange≤10.0

CPENameOperatorVersion
zldnn:dnnarticlezldnn dnnarticlele10.0

CPE	Name	Operator	Version
zldnn:dnnarticle	zldnn dnnarticle	le	10.0

References

osvdb.org/96306

seclists.org/fulldisclosure/2013/Sep/9

www.exploit-db.com/exploits/27602

www.securityfocus.com/bid/61788

www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.2%

JSON

Related for CVE-2013-5117

zdt1 openvas1 nvd1 seebug2 checkpoint_advisories1 prion1 nessus1 packetstorm1 cvelist1 exploitpack1 exploitdb1