CVE-2010-2826
Published Aug 17, 2010
Last updated 13 years ago
Overview
- Description
- SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F9C754F-C126-4363-A965-49205D92F300",
"versionEndIncluding": "6.0.188.0"
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13E52795-7C27-4E3B-ABDC-549AC9728B55"
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.132.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8486474-1D58-4165-92A7-AB9079B8A9B8"
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.170.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D5A7438-651D-4080-B587-EBAEBA0098F1"
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.181.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E09E8ADF-0D0C-493C-B2A8-58DF6F725E45"
},
{
"criteria": "cpe:2.3:a:cisco:wireless_control_system_software:6.0.182.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41489DF2-0A3B-4A5D-A296-03BCE07F5220"
}
],
"operator": "OR"
}
]
}
]