CVE-2010-2317 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2010-2317?

CVE-2010-2317 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-2317?

Check the references section above for vendor advisories and patch information. Affected products include: Wmsdesign Wmscms.

Vulnerability Description

Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Wmsdesign	Wmscms	<= 2.0

Related Weaknesses (CWE)

CWE-89

References

http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.htmlExploit
http://www.exploit-db.com/exploits/13739/Exploit
http://www.securityfocus.com/bid/40591Exploit
http://www.vupen.com/english/advisories/2010/1361Vendor Advisory
http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.htmlExploit
http://www.exploit-db.com/exploits/13739/Exploit
http://www.securityfocus.com/bid/40591Exploit
http://www.vupen.com/english/advisories/2010/1361Vendor Advisory

FAQ

What is CVE-2010-2317?

CVE-2010-2317 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to ...

How severe is CVE-2010-2317?

CVE-2010-2317 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2317?

Check the references section above for vendor advisories and patch information. Affected products include: Wmsdesign Wmscms.