CVE-2010-3076

Published Oct 14, 2010

Last updated 3 months ago

CVSS info 7.5

Overview

Description: The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:blentz:smbind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E1538A6-E1B5-4CF2-AEEB-E001A8FCB325",
            "versionEndIncluding": "0.4.7"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB211A75-8BB8-4363-8882-DD42788375EB"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A787D9D3-5101-4E90-956A-5E4DE59822AF"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67546FFC-CFA8-4C10-BCED-899DAC54E722"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20F4DAAB-E3DC-4C30-9BE1-A48A115235B4"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F7E9DF7-48C5-4360-8456-8A286149847E"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFC9603F-1631-48A8-BD09-3BD64E4A032D"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76D6C4AD-95EF-40C0-A94E-1090E5B9697A"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7E5DA14-B008-4437-BC61-3ACBD5671425"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "364C8859-84D5-44F9-801E-4A2B2CFA7BA7"
          },
          {
            "criteria": "cpe:2.3:a:blentz:smbind:0.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C52D91EA-2602-4D39-936F-552D76F5D443"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References