Lucene search

[email protected]CVE-2010-0698

HistoryFeb 23, 2010 - 8:30 p.m.

CVE-2010-0698

2010-02-2320:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-0698

sql injection

backoffice/login.asp

dynamicsoft wsc cms 2.2

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.6%

JSON

SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

dynamicsoftwsc_cmsMatch2.2

CPENameOperatorVersion
dynamicsoft:wsc_cmsdynamicsoft wsc cmseq2.2

CPE	Name	Operator	Version
dynamicsoft:wsc_cms	dynamicsoft wsc cms	eq	2.2

References

packetstormsecurity.org/1002-exploits/wsccms-sql.txt

secunia.com/advisories/38698

www.exploit-db.com/exploits/11507

www.securityfocus.com/bid/38335

exchange.xforce.ibmcloud.com/vulnerabilities/56406

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.6%

JSON

Related for CVE-2010-0698

cvelist1 nvd1 prion1