Vulnerability Details CVE-2010-1583
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.exploit-db.com/exploits/12452
- http://www.madirish.net/?article=456
- http://www.securityfocus.com/bid/39793
- http://www.taskfreak.com/versions.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58241
- http://www.exploit-db.com/exploits/12452
- http://www.madirish.net/?article=456
- http://www.securityfocus.com/bid/39793
- http://www.taskfreak.com/versions.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58241
Products affected by CVE-2010-1583
-
cpe:2.3:a:taskfreak:taskfreak!:*
-
cpe:2.3:a:taskfreak:taskfreak!:0.1
-
cpe:2.3:a:taskfreak:taskfreak!:0.1.2
-
cpe:2.3:a:taskfreak:taskfreak!:0.1.3
-
cpe:2.3:a:taskfreak:taskfreak!:0.1.4
-
cpe:2.3:a:taskfreak:taskfreak!:0.4.0
-
cpe:2.3:a:taskfreak:taskfreak!:0.4.1
-
cpe:2.3:a:taskfreak:taskfreak!:0.4.2
-
cpe:2.3:a:taskfreak:taskfreak!:0.5.0
-
cpe:2.3:a:taskfreak:taskfreak!:0.5.1
-
cpe:2.3:a:taskfreak:taskfreak!:0.5.2
-
cpe:2.3:a:taskfreak:taskfreak!:0.5.3
-
cpe:2.3:a:taskfreak:taskfreak!:0.5.4
-
cpe:2.3:a:taskfreak:taskfreak!:0.5.5
-
cpe:2.3:a:taskfreak:taskfreak!:0.5.6
-
cpe:2.3:a:taskfreak:taskfreak!:0.5.7
-
cpe:2.3:a:taskfreak:taskfreak!:0.6.0
-
cpe:2.3:a:taskfreak:taskfreak!:0.6.1
-
cpe:2.3:a:tirzen:tirzen_framework:1.5