Lucene search

[email protected]NVD:CVE-2010-3404

HistorySep 16, 2010 - 8:00 p.m.

CVE-2010-3404

2010-09-1620:00:04

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.001

Percentile

27.8%

JSON

Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.

Affected configurations

Nvd

Node

eshtery.she7ataeshtery_cms

VendorProductVersionCPE
eshtery.she7ataeshtery_cms*cpe:2.3:a:eshtery.she7ata:eshtery_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eshtery.she7ata	eshtery_cms	*	cpe:2.3:a:eshtery.she7ata:eshtery_cms::::::::

References

www.exploit-db.com/exploits/14980

www.securityfocus.com/bid/43168

exchange.xforce.ibmcloud.com/vulnerabilities/61767

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.001

Percentile

27.8%

JSON

Related for NVD:CVE-2010-3404

prion1 exploitdb1 cvelist1 cve1