CVE-2010-1365

2010-04-1320:20:00

mitre

www.cve.org

AI Score

8.3

Confidence

Low

EPSS

0.001

Percentile

48.6%

JSON

SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

References

4004securityproject.wordpress.com/2010/02/28/uigafanclub-index-php-sql-injection/

packetstormsecurity.org/1002-exploits/uigafc-sql.txt

secunia.com/advisories/38756

www.exploit-db.com/exploits/11600

www.vupen.com/english/advisories/2010/0487