Vulnerability CVE-2010-3404


Published: 2010-09-16   Modified: 2012-02-13

Description:
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.

Vendor: Eshtery.she7ata
Product: Eshtery cms 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://xforce.iss.net/xforce/xfdb/61767
http://www.securityfocus.com/bid/43168
http://www.exploit-db.com/exploits/14980

Copyright 2019, cxsecurity.com

 
