PT-2010-4153 · Iscripts · Iscripts Easysnaps

Drosophila

Published

2010-07-02

Updated

2018-10-10

CVE-2010-2624

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions iScripts EasySnaps version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the comment parameter to "add comments.php", the values parameter to "tags details.php", or the begin parameter to "greetings.php".

Recommendations For iScripts EasySnaps version 2.0, consider restricting access to the affected API endpoints "add comments.php", "tags details.php", and "greetings.php" to minimize the risk of exploitation. Avoid using the comment, values, and begin parameters in these endpoints until the issue is resolved.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2010-2624

Affected Products

Iscripts Easysnaps

PT-2010-4153 · Iscripts · Iscripts Easysnaps

CVE-2010-2624

Weakness Enumeration

Related Identifiers

Affected Products

References · 9