CVE-2010-4400

2010-12-0423:00:00

mitre

www.cve.org

AI Score

8.4

Confidence

Low

EPSS

0.004

Percentile

73.6%

JSON

SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.

References

osvdb.org/69631

packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt

www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226

www.exploit-db.com/exploits/15646

www.htbridge.ch/advisory/sql_injection_in_dynpg.html

www.securityfocus.com/bid/45115