CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-1994

SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://holisticinfosec.org/content/view/141/45/
http://osvdb.org/64551
http://secunia.com/advisories/39320
http://secunia.com/secunia_research/2010-56
http://www.securityfocus.com/archive/1/511273/100/0/threaded
http://www.securityfocus.com/bid/40108
https://exchange.xforce.ibmcloud.com/vulnerabilities/58470
http://holisticinfosec.org/content/view/141/45/
http://osvdb.org/64551
http://secunia.com/advisories/39320
http://secunia.com/secunia_research/2010-56
http://www.securityfocus.com/archive/1/511273/100/0/threaded
http://www.securityfocus.com/bid/40108
https://exchange.xforce.ibmcloud.com/vulnerabilities/58470

Products affected by CVE-2010-1994

Tomatocms » Tomatocms » Version: Any

cpe:2.3:a:tomatocms:tomatocms:*
Tomatocms » Tomatocms » Version: 2.0.0

cpe:2.3:a:tomatocms:tomatocms:2.0.0
Tomatocms » Tomatocms » Version: 2.0.1

cpe:2.3:a:tomatocms:tomatocms:2.0.1
Tomatocms » Tomatocms » Version: 2.0.2

cpe:2.3:a:tomatocms:tomatocms:2.0.2
Tomatocms » Tomatocms » Version: 2.0.3

cpe:2.3:a:tomatocms:tomatocms:2.0.3
Tomatocms » Tomatocms » Version: 2.0.3.1430

cpe:2.3:a:tomatocms:tomatocms:2.0.3.1430
Tomatocms » Tomatocms » Version: 2.0.3.1622

cpe:2.3:a:tomatocms:tomatocms:2.0.3.1622

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-1994

Products

Pricing

Contact Us