CVE-2010-3404
Published Sep 16, 2010
Last updated 7 years ago
Overview
- Description
- Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eshtery.she7ata:eshtery_cms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7B6E49F-3C72-46C3-8A71-89CE6C5BE256"
}
],
"operator": "OR"
}
]
}
]