CVE-2010-1521

SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/65847
http://secunia.com/advisories/40025	Vendor Advisory
http://secunia.com/secunia_research/2010-79/	Vendor Advisory
http://www.securityfocus.com/archive/1/512077/100/0/threaded
http://www.securityfocus.com/bid/41218
http://www.taskfreak.com/original/versions	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:taskfreak:taskfreak\!::::::::
	cpe:2.3:a:taskfreak:taskfreak\!:0.1:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.1.2:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.1.3:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.1.4:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.2.0:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.2.1:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.2.2:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.3.0:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.3.1:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.3.2:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.4.0:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.4.1:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.4.2:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.5.0:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.5.1:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.5.2:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.5.3:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.5.4:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.5.5:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.5.6:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.5.7:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.6.0:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.6.1:::::::*
	cpe:2.3:a:taskfreak:taskfreak\!:0.6.2:::::::*

History

No history.

Information

Published : 2010-06-30 18:30

Updated : 2024-02-04 17:54

NVD link : CVE-2010-1521

Mitre link : CVE-2010-1521

CVE.ORG link : CVE-2010-1521

JSON object : View

Products Affected

taskfreak

taskfreak\!

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.5 /10