Lucene search

[email protected]NVD:CVE-2010-0122

HistoryMar 15, 2010 - 1:28 p.m.

CVE-2010-0122

2010-03-1513:28:25

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.002

Percentile

57.5%

JSON

Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.

Affected configurations

Nvd

Node

timeclock-softwareemployee_timeclock_softwareMatch0.99

VendorProductVersionCPE
timeclock-softwareemployee_timeclock_software0.99cpe:2.3:a:timeclock-software:employee_timeclock_software:0.99:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
timeclock-software	employee_timeclock_software	0.99	cpe:2.3:a:timeclock-software:employee_timeclock_software:0.99:::::::*

References

secunia.com/advisories/38739

secunia.com/secunia_research/2010-11/

www.osvdb.org/62831

www.osvdb.org/62832

www.securityfocus.com/archive/1/509995/100/0/threaded

www.securityfocus.com/bid/38639

exchange.xforce.ibmcloud.com/vulnerabilities/56799

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.002

Percentile

57.5%

JSON

Related for NVD:CVE-2010-0122

cve1 exploitdb1 securityvulns2 prion1 exploitpack1 cvelist1