PT-2010-3314 · Infocus · Infocus Real Estate Enterprise Edition

Sid3^Effects

Publicado

2010-04-30

Atualizado

2010-05-03

CVE-2010-1654

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Infocus Real Estate Enterprise Edition (affected versions not specified)

Description The issue concerns SQL injection vulnerabilities in the system member login.php file. Remote attackers can execute arbitrary SQL commands by manipulating the username (also known as login) and password parameters.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2010-1654

Produtos afetados

Infocus Real Estate Enterprise Edition

PT-2010-3314 · Infocus · Infocus Real Estate Enterprise Edition

CVE-2010-1654

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7