VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1493
com_awdwall: SQL injection vulnerability in the AWDwall (com_awd...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1493

Original

SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-04-23
Source Information Category:
Advisory, Alert
Last Updated:
2010-04-26




Affected Product Tags
cpe:/a:awdsolution:com_awdwall:1.5.4 and previous versions
cpe:/a:joomla:joomla%21
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives




References
BID 38194




CONFIRM http://www.awdwall.com/index.php/awdwall-updates-logs-




MISC http://www.exploit-db.com/exploits/12113




MISC http://packetstormsecurity.org/1004-exploits/joomlaawdwall-lfisql.txt




OSVDB 63942




SECUNIA 39553




Vulnerability Type SQL Injection (CWE-89)




XF comawdwall-itemid-sql-injection(57694)




Copyright © 2010 JPCERT/CC All Rights Reserved.