Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5026

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2010-5026
Last Modified 13 Feb 2012 11:02:50
Published 02 Nov 2011 05:55:16
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-5026

Summary

SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Sfiab Science Fair In A Box 2.0.6

  • Sfiab Science Fair In A Box 2.2.0


References

XF - sciencefairinabox-winners-sql-injection(59282)

VUPEN - ADV-2010-1428

BID - 40743

OSVDB - 65420

EXPLOIT-DB - 13801

SECUNIA - 40170

MISC - http://packetstormsecurity.org/1006-exploits/fairinabox-sqlxss.txt

SREASON - 8516


Last Updated: 27 May 2016 10:58:14