Lucene search

MitreCVE-2010-4844

HistorySep 27, 2011 - 10:55 a.m.

CVE-2010-4844

2011-09-2710:55:04

CWE-89

mitre

web.nvd.nist.gov

sql injection

vulnerability

content.php

mh products easy online shop

kat parameter

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.001

Percentile

45.1%

JSON

SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.

Affected configurations

Nvd

Node

mhproductseasy_online_shop

VendorProductVersionCPE
mhproductseasy_online_shop*cpe:2.3:a:mhproducts:easy_online_shop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mhproducts	easy_online_shop	*	cpe:2.3:a:mhproducts:easy_online_shop::::::::

References

packetstormsecurity.org/files/view/96780/easyonlineshop-sql.txt

secunia.com/advisories/42680

securityreason.com/securityalert/8396

www.exploit-db.com/exploits/15755

www.securityfocus.com/bid/45477

exchange.xforce.ibmcloud.com/vulnerabilities/64192

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.001

Percentile

45.1%

JSON

Related for CVE-2010-4844