Lucene search

MitreCVE-2010-2688

HistoryJul 12, 2010 - 1:27 p.m.

CVE-2010-2688

2010-07-1213:27:28

CWE-89

mitre

web.nvd.nist.gov

sql injection

vulnerability

site2nite

boat classifieds

id parameter

remote execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON

SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Affected configurations

Nvd

Node

site2niteboat_classifieds

VendorProductVersionCPE
site2niteboat_classifieds*cpe:2.3:a:site2nite:boat_classifieds:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
site2nite	boat_classifieds	*	cpe:2.3:a:site2nite:boat_classifieds::::::::

References

packetstormsecurity.org/1006-exploits/boatclassdetail-sql.txt

secunia.com/advisories/40263

www.exploit-db.com/exploits/13990

www.osvdb.org/65686

www.securityfocus.com/bid/41046

www.vupen.com/english/advisories/2010/1576

exchange.xforce.ibmcloud.com/vulnerabilities/59671

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON

Related for CVE-2010-2688