PT-2010-2373 · Evalsmsi · Evalsmsi

Published: 2010-02-11 · Updated: 2018-10-10 · CVE-2010-0616

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

evalSMSI version 2.1.03

Description

evalSMSI stores passwords in cleartext in its database, which allows attackers with database access to gain privileges by reading them. Remote attack vectors are possible by leveraging a separate SQL injection vulnerability.

Recommendations

For evalSMSI version 2.1.03, consider updating the password storage mechanism to a more secure method, such as hashing and salting, to prevent unauthorized access. As a temporary workaround, restrict database access to minimize the risk of exploitation. Additionally, address the separate SQL injection vulnerability to prevent remote attacks.
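The hashing-and-salting recommendation above, as an added sketch that is not evalSMSI code: a one-time migration of cleartext password rows to salted PBKDF2-HMAC-SHA256 hashes, plus the matching login check. The `users(login, password)` table, the function names and the sample accounts are assumptions constructed for illustration, and PBKDF2 is one suitable choice rather than something the advisory prescribes.

```python
import hashlib
import hmac
import secrets
import sqlite3

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000  # work factor; tune to your hardware


def hash_password(password: str) -> str:
    """Return 'scheme$iterations$salt_hex$digest_hex' with a fresh random salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(digest, bytes.fromhex(digest_hex))
    except ValueError:
        return False  # cleartext or malformed value: never accept it as a hash


def migrate_cleartext(conn: sqlite3.Connection) -> int:
    """One-time pass: replace every cleartext password with a salted hash."""
    rows = conn.execute("SELECT login, password FROM users").fetchall()
    todo = [(login, pw) for login, pw in rows if not pw.startswith(SCHEME + "$")]
    conn.executemany("UPDATE users SET password = ? WHERE login = ?",
                     [(hash_password(pw), login) for login, pw in todo])
    conn.commit()
    return len(todo)


def demo_db() -> sqlite3.Connection:
    """Constructed sample data: two accounts sharing one cleartext password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "Winter2010!"), ("bob", "Winter2010!")])
    return conn
```

After migration the two accounts hold different stored values even though their passwords are identical, so a database reader learns neither the password nor which accounts share one. Both SQL statements use bound parameters, the form that also closes off the SQL injection path the description mentions.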


Related Identifiers

CVE-2010-0616

Affected Products

Evalsmsi