Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5024

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2010-5024
Last Modified 13 Feb 2012 11:02:49
Published 02 Nov 2011 05:55:16
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2010-5024

Summary

SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Cutesite Cms 1.2.3

  • Cutesite Cms 1.5.0


References

BID - 40612

BUGTRAQ - 20100605 SQL injection vulnerability in CuteSITE CMS

MISC - http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cutesite_cms.html

SECUNIA - 39864

MISC - http://packetstormsecurity.org/1006-exploits/cutesitecms-sql.txt

SREASON - 8515


Last Updated: 27 May 2016 10:58:14