Vulnerability CVE-2010-3404


Published: 2010-09-16   Modified: 2012-02-13

Description:
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Eshtery.she7ata -> Eshtery cms

References:
http://xforce.iss.net/xforce/xfdb/61767
http://www.securityfocus.com/bid/43168
http://www.exploit-db.com/exploits/14980

Copyright 2024, cxsecurity.com

 
