Vulnerability Details CVE-2010-4958
SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.org/1008-exploits/pradoportal-xss.txt
- http://secunia.com/advisories/40902
- http://securityreason.com/securityalert/8468
- http://www.htbridge.ch/advisory/xss_vulnerability_in_prado_portal.html
- http://www.securityfocus.com/archive/1/512888/100/0/threaded
- http://www.vupen.com/english/advisories/2010/2026
- http://packetstormsecurity.org/1008-exploits/pradoportal-xss.txt
- http://secunia.com/advisories/40902
- http://securityreason.com/securityalert/8468
- http://www.htbridge.ch/advisory/xss_vulnerability_in_prado_portal.html
- http://www.securityfocus.com/archive/1/512888/100/0/threaded
- http://www.vupen.com/english/advisories/2010/2026
Products affected by CVE-2010-4958
-
cpe:2.3:a:pradoportal:prado_portal:1.2.0