Lucene search

K

[email protected]NVD:CVE-2010-1868

HistoryMay 07, 2010 - 11:00 p.m.

CVE-2010-1868

2010-05-0723:00:01

CWE-94

[email protected]

web.nvd.nist.gov

6

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.008

Percentile

81.5%

The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.

Affected configurations

Nvd

Node

phpphpMatch5.2.0

OR

phpphpMatch5.2.1

OR

phpphpMatch5.2.2

OR

phpphpMatch5.2.3

OR

phpphpMatch5.2.4

OR

phpphpMatch5.2.5

OR

phpphpMatch5.2.6

OR

phpphpMatch5.2.8

OR

phpphpMatch5.2.9

OR

phpphpMatch5.2.10

OR

phpphpMatch5.2.11

OR

phpphpMatch5.2.12

OR

phpphpMatch5.2.13

Node

phpphpMatch5.3.0

OR

phpphpMatch5.3.1

OR

phpphpMatch5.3.2

References

php-security.org/2010/05/07/mops-2010-012-php-sqlite_single_query-uninitialized-memory-usage-vulnerability/index.html

php-security.org/2010/05/07/mops-2010-013-php-sqlite_array_query-uninitialized-memory-usage-vulnerability/index.html

php-security.org/2010/05/07/mops-submission-03-sqlite_single_query-sqlite_array_query-uninitialized-memory-usage/index.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.008

Percentile

81.5%

Related for NVD:CVE-2010-1868

openvas5 cve1 ubuntucve1 cvelist1 prion1 securityvulns3 nessus2 ubuntu1 gentoo1