Lucene search

[email protected]NVD:CVE-2010-4838

HistorySep 14, 2011 - 2:56 a.m.

CVE-2010-4838

2011-09-1402:56:38

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.001

Percentile

31.1%

JSON

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

Affected configurations

Nvd

Node

extensiondepotcom_jsupportMatch1.5.6

AND

joomlajoomla\!

VendorProductVersionCPE
extensiondepotcom_jsupport1.5.6cpe:2.3:a:extensiondepot:com_jsupport:1.5.6:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
extensiondepot	com_jsupport	1.5.6	cpe:2.3:a:extensiondepot:com_jsupport:1.5.6:::::::*
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

packetstormsecurity.org/files/view/95797/joomlajsupport-sql.txt

secunia.com/advisories/42262

securityreason.com/securityalert/8379

www.exploit-db.com/exploits/15502

www.xenuser.org/documents/security/Joomla_com_jsupport_SQLi.txt

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.001

Percentile

31.1%

JSON

Related for NVD:CVE-2010-4838

prion1 cve1 cvelist1 exploitdb1