CVE-2010-2338

Опубликовано: 18 июн. 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.

Ссылки

http://osvdb.org/65483
http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt
Exploit
http://secunia.com/advisories/40176
Vendor Advisory
http://www.exploit-db.com/exploits/13842
Exploit
http://www.vupen.com/english/advisories/2010/1460
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/59396
http://osvdb.org/65483
http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt
Exploit
http://secunia.com/advisories/40176
Vendor Advisory
http://www.exploit-db.com/exploits/13842
Exploit
http://www.vupen.com/english/advisories/2010/1460
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/59396

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vunet:vu_web_visitor_analyst:*:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01743

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-55m2-3xw2-r6v4

github

больше 3 лет назад