Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5317

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2010-5317
Last Modified 05 Jan 2015 01:20:48
Published 03 Jan 2015 06:59:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-5317

Summary

Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.

Vulnerable Systems

Application

  • Basic-cms Sweetrice 0.6.7.1


References

MISC - https://www.htbridge.com/advisory/HTB22667


Last Updated: 27 May 2016 11:07:25