Lucene search

MitreCVE-2010-1344

HistoryApr 09, 2010 - 6:30 p.m.

CVE-2010-1344

2010-04-0918:30:00

CWE-89

mitre

web.nvd.nist.gov

cve

2010

1344

sql injection

cookex agency

ckforms

joomla

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.002

Percentile

57.4%

JSON

SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php.

Affected configurations

Nvd

Node

cookexcom_ckformsMatch1.3.3

AND

joomlajoomla\!

VendorProductVersionCPE
cookexcom_ckforms1.3.3cpe:2.3:a:cookex:com_ckforms:1.3.3:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cookex	com_ckforms	1.3.3	cpe:2.3:a:cookex:com_ckforms:1.3.3:::::::*
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

packetstormsecurity.org/1003-exploits/joomlackforms-lfisql.txt

secunia.com/advisories/38976

www.exploit-db.com/exploits/11785

www.osvdb.org/63032

www.securityfocus.com/bid/38785

exchange.xforce.ibmcloud.com/vulnerabilities/56988

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.002

Percentile

57.4%

JSON

Related for CVE-2010-1344