Lucene search

[email protected]NVD:CVE-2010-0710

HistoryFeb 25, 2010 - 8:30 p.m.

CVE-2010-0710

2010-02-2520:30:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

54.5%

JSON

SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

aspcodecmsaspcode_cmsMatch1.5.8

aspcodecmsaspcode_cmsMatch2.0.0

VendorProductVersionCPE
aspcodecmsaspcode_cms1.5.8cpe:2.3:a:aspcodecms:aspcode_cms:1.5.8:*:*:*:*:*:*:*
aspcodecmsaspcode_cms2.0.0cpe:2.3:a:aspcodecms:aspcode_cms:2.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aspcodecms	aspcode_cms	1.5.8	cpe:2.3:a:aspcodecms:aspcode_cms:1.5.8:::::::*
aspcodecms	aspcode_cms	2.0.0	cpe:2.3:a:aspcodecms:aspcode_cms:2.0.0:::::::*

References

osvdb.org/62358

secunia.com/advisories/38596

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

54.5%

JSON

Related for NVD:CVE-2010-0710

prion1 cvelist1 cve1