PT-2010-2461 · Aspcode · Aspcode Cms
Publicado
2010-02-25
·
Atualizado
2010-02-26
·
CVE-2010-0710
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ASPCode CMS versions 1.5.8 through 2.0.0 Build 103
Description
A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
newsid parameter when the sec parameter is set to 26.Recommendations
For ASPCode CMS versions 1.5.8 through 2.0.0 Build 103, as a temporary workaround, consider restricting access to the default.asp page or avoiding the use of the
newsid parameter when the sec parameter is 26 until a patch is available.Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Aspcode Cms