Lucene search

[email protected]CVE-2013-7193

HistoryDec 21, 2013 - 12:55 a.m.

CVE-2013-7193

2013-12-2100:55:05

CWE-89

[email protected]

web.nvd.nist.gov

c2c forward auction creator

sql injection

remote attackers

arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.2%

JSON

Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.

Affected configurations

NVD

Node

etoshopc2c_forward_auction_creatorMatch2.0

CPENameOperatorVersion
etoshop:c2c_forward_auction_creatoretoshop c2c forward auction creatoreq2.0

CPE	Name	Operator	Version
etoshop:c2c_forward_auction_creator	etoshop c2c forward auction creator	eq	2.0

References

osvdb.org/101075

osvdb.org/101076

packetstormsecurity.com/files/124441/c2cfac-sql.txt

www.securityfocus.com/bid/64329

exchange.xforce.ibmcloud.com/vulnerabilities/89752

exchange.xforce.ibmcloud.com/vulnerabilities/89755

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.2%

JSON

Related for CVE-2013-7193

nvd1 cvelist1 prion1