VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1708

free_realty: Multiple SQL injection vulnerabilities in agentadmi...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1708

Original

Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-05-04

Source Information Category:

Advisory, Alert

Last Updated:

2010-05-05

Affected Product Tags

cpe:/a:freerealty.rwcinc:free_realty:2.6

cpe:/a:freerealty.rwcinc:free_realty:2.6.1

cpe:/a:freerealty.rwcinc:free_realty:2.6.2

cpe:/a:freerealty.rwcinc:free_realty:2.7:pre1

cpe:/a:freerealty.rwcinc:free_realty:2.7:pre2

cpe:/a:freerealty.rwcinc:free_realty:2.7:pre3

cpe:/a:freerealty.rwcinc:free_realty:2.7:pre4

cpe:/a:freerealty.rwcinc:free_realty:2.7:pre5

cpe:/a:freerealty.rwcinc:free_realty:2.7:pre6

cpe:/a:freerealty.rwcinc:free_realty:2.7:pre7

cpe:/a:freerealty.rwcinc:free_realty:2.8

cpe:/a:freerealty.rwcinc:free_realty:2.8.2

cpe:/a:freerealty.rwcinc:free_realty:2.8.3

cpe:/a:freerealty.rwcinc:free_realty:2.8.4

cpe:/a:freerealty.rwcinc:free_realty:2.8.5

cpe:/a:freerealty.rwcinc:free_realty:2.8.6

cpe:/a:freerealty.rwcinc:free_realty:2.8.6-1

cpe:/a:freerealty.rwcinc:free_realty:2.8.6:pre1

cpe:/a:freerealty.rwcinc:free_realty:2.8.6:pre2

cpe:/a:freerealty.rwcinc:free_realty:2.8.6:pre3

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.0

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.1

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.2

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.3

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.4

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.5

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.7

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.7.1

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.7.2

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.7.3

cpe:/a:freerealty.rwcinc:free_realty:2.9-0.7.4

cpe:/a:freerealty.rwcinc:free_realty:2.9:pre1

cpe:/a:freerealty.rwcinc:free_realty:2.9:pre2

cpe:/a:freerealty.rwcinc:free_realty:2.9:pre2.1

cpe:/a:freerealty.rwcinc:free_realty:2.9:pre2.2

cpe:/a:freerealty.rwcinc:free_realty:2.9:pre3.0

cpe:/a:freerealty.rwcinc:free_realty:3.0-0:rc1

cpe:/a:freerealty.rwcinc:free_realty:3.0-0:rc2

cpe:/a:freerealty.rwcinc:free_realty:3.0-0:rc3

cpe:/a:freerealty.rwcinc:free_realty:3.0-0:rc4

cpe:/a:freerealty.rwcinc:free_realty:3.0-0:rc5

cpe:/a:freerealty.rwcinc:free_realty:3.0-0:rc6

cpe:/a:freerealty.rwcinc:free_realty:3.0-0:rc7

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 39712

MISC http://www.exploit-db.com/exploits/12411

MISC http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt

Vulnerability Type SQL Injection (CWE-89)

XF freerealty-agentadmin-sql-injection(58193)