Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2690

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-2690
Last Modified 06 Aug 2013 05:47:51
Published 28 Mar 2013 07:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-2690

Summary

SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action.

Vulnerable Systems

Application

  • Synchroweb Synconnect 2.0


References

XF - synconnect-index-sql-injection(83040)

BID - 58711

MISC - http://packetstormsecurity.com/files/120958/SynConnect-SQL-Injection.html

MISC - http://osvdb.org/ref/91/synconnect.txt

OSVDB - 91693

BUGTRAQ - 20130325 SynConnect PMS SQL Injection Vulnerability

EXPLOIT-DB - 24898


Last Updated: 27 May 2016 10:44:50