CVE-2010-0112

CWE-89 — SQL Injection
7 documents, 4 sources
Severity: 7.5 HIGH
EPSS: 4.6% (top 10.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 28
Latest update: May 2

Description

Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTime…

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: symantec/im_manager 8.4.15 (+17)

Vulnerability Details (2)

GHSA: GHSA-w69h-w8m8-xgqf: Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8 (2022-05-02)
CVEList: CVE-2010-0112: Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8 (2010-10-28)

Community (2)

Bugzilla: CVE-2010-0167 firefox/thunderbird/seamonkey: crashes with evidence of memory corruption (MFSA 2010-11) (2010-03-24)
Bugzilla: CVE-2010-0169 firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14) (2010-03-24)
CVE-2010-0112 (HIGH CVSS 7.5) | Multiple SQL injection vulnerabilit | cvebase.io