CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-1704

Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.5%

CVSS Severity

CVSS v2 Score 7.5

References

http://packetstormsecurity.org/1004-exploits/aps-sqlxss.txt
http://secunia.com/advisories/39622
http://www.exploit-db.com/exploits/12395
http://www.securityfocus.com/bid/39745
https://exchange.xforce.ibmcloud.com/vulnerabilities/58127
https://exchange.xforce.ibmcloud.com/vulnerabilities/58189
http://packetstormsecurity.org/1004-exploits/aps-sqlxss.txt
http://secunia.com/advisories/39622
http://www.exploit-db.com/exploits/12395
http://www.securityfocus.com/bid/39745
https://exchange.xforce.ibmcloud.com/vulnerabilities/58127
https://exchange.xforce.ibmcloud.com/vulnerabilities/58189

Products affected by CVE-2010-1704

2daybiz » Polls Script » Version: Any

cpe:2.3:a:2daybiz:polls_script:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-1704

Products

Pricing

Contact Us