Vulnerability Description
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 4Site | 4Site Cms | <= 2.6 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/33733 (Vendor Advisory)
- http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html (Exploit)
- http://www.securityfocus.com/archive/1/514376/100/0/threaded
- http://www.securityfocus.com/bid/44258
FAQ
What is CVE-2010-4152?
CVE-2010-4152 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors ...
How severe is CVE-2010-4152?
CVE-2010-4152 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-4152?
Check the references section above for vendor advisories and patch information. Affected products include: 4Site 4Site Cms.