PT-2011-1786 · Eclime · Eclime

Published

2011-09-27

Updated

2012-02-14

CVE-2010-4851

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Eclime version 1.1.2b

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the ref or poll id parameter to "index.php", or the country parameter to "create account.php".

Recommendations For Eclime version 1.1.2b, avoid using the ref, poll id, and country parameters in the affected API endpoints until the issue is resolved. Restrict access to "index.php" and "create account.php" to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2010-4851

Affected Products

Eclime

PT-2011-1786 · Eclime · Eclime

CVE-2010-4851

Weakness Enumeration

Related Identifiers

Affected Products

References · 9