Vulnerability Description
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Preprojects | Pre Online Tests Generator | All versions |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/files/view/95817/potgp-sql.txtExploit
- http://securityreason.com/securityalert/8158
- http://www.exploit-db.com/exploits/15526Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63246
- http://packetstormsecurity.org/files/view/95817/potgp-sql.txtExploit
- http://securityreason.com/securityalert/8158
- http://www.exploit-db.com/exploits/15526Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63246
FAQ
What is CVE-2010-4776?
CVE-2010-4776 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
How severe is CVE-2010-4776?
CVE-2010-4776 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4776?
Check the references section above for vendor advisories and patch information. Affected products include: Preprojects Pre Online Tests Generator.