7.5
CVE-2010-2098
- EPSS 1.05%
- Veröffentlicht 27.05.2010 22:30:02
- Zuletzt bearbeitet 16.06.2026 23:19:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.05% | 0.598 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://php-security.org/2010/05/15/mops-2010-029-cmsqlite-c-parameter-sql-injection-vulnerability/index.html
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11521&r2=11538
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/usersettings.php?r1=11538&r2=11541