Vulnerability Description
SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uiga | Personal Portal | All versions |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/1002-exploits/uigapersonalportal-sql.txtExploit
- http://secunia.com/advisories/38757Vendor Advisory
- http://www.exploit-db.com/exploits/11599Exploit
- http://www.vupen.com/english/advisories/2010/0488Vendor Advisory
- http://packetstormsecurity.org/1002-exploits/uigapersonalportal-sql.txtExploit
- http://secunia.com/advisories/38757Vendor Advisory
- http://www.exploit-db.com/exploits/11599Exploit
- http://www.vupen.com/english/advisories/2010/0488Vendor Advisory
FAQ
What is CVE-2010-1364?
CVE-2010-1364 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: s...
How severe is CVE-2010-1364?
CVE-2010-1364 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1364?
Check the references section above for vendor advisories and patch information. Affected products include: Uiga Personal Portal.