CVE-2010-4782

{"id": "CVE-2010-4782", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-04-07T14:23:53.420", "references": [{"url": "http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23506", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8185", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/15661", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/45146", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23506", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/8185", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/15661", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/45146", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en list.asp Softwebs en Nepal (tambi\u00e9n conocido como Ananda Raj Pandey) Ananda Real Estate v3.4, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de los par\u00e1metros (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath, diferentes vectores que CVE-2006-6807."}], "lastModified": "2024-11-21T01:21:45.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softwebsnepal:ananda_real_estate:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B55B139-901C-4726-91D1-70889EF03686"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}