CVE-2010-4782

Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt	Exploit
http://secunia.com/advisories/23506	Vendor Advisory
http://securityreason.com/securityalert/8185
http://www.exploit-db.com/exploits/15661	Exploit
http://www.securityfocus.com/bid/45146	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:softwebsnepal:ananda_real_estate:3.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-04-07 14:23

Updated : 2024-02-28 11:41

NVD link : CVE-2010-4782

Mitre link : CVE-2010-4782

CVE.ORG link : CVE-2010-4782

JSON object : View

Products Affected

softwebsnepal

ananda_real_estate

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2010-4782", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-04-07T14:23:53.420", "references": [{"url": "http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23506", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8185", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/15661", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/45146", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en list.asp Softwebs en Nepal (tambi\u00e9n conocido como Ananda Raj Pandey) Ananda Real Estate v3.4, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de los par\u00e1metros (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath, diferentes vectores que CVE-2006-6807."}], "lastModified": "2011-09-22T03:27:18.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softwebsnepal:ananda_real_estate:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B55B139-901C-4726-91D1-70889EF03686"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}