CVE-2010-4916

Опубликовано: 08 окт. 2011

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.

Ссылки

http://packetstormsecurity.org/1009-exploits/coldusergroup-sql.txt
Exploit
http://secunia.com/advisories/41335
Vendor Advisory
http://securityreason.com/securityalert/8448
http://www.exploit-db.com/exploits/14935
Exploit
http://www.securityfocus.com/bid/43035
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/61638
http://packetstormsecurity.org/1009-exploits/coldusergroup-sql.txt
Exploit
http://secunia.com/advisories/41335
Vendor Advisory
http://securityreason.com/securityalert/8448
http://www.exploit-db.com/exploits/14935
Exploit
http://www.securityfocus.com/bid/43035
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/61638

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:coldgen:coldusergroup:1.06:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01264

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-h2wc-cvm7-46rm

github

больше 3 лет назад