CVE-2010-0723
Published 2010-02-26
CVE-2010-0723: SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority: P344 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.85% (76.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mhproducts | ero_auktion | — | — |
| mhproducts | ero_auktion | — | — |
CVSS provenance
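| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.8 | HIGH | — |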
GHSA
GHSA-xw43-h3fq-8x5w: SQL injection vulnerability in item
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-4614 [HIGH] CWE-89 GHSA-xw43-h3fq-8x5w: SQL injection vulnerability in item
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.
GHSA
GHSA-2qpj-g893-v358: SQL injection vulnerability in news
ghsa_unreviewed·2022-05-02
CVE-2010-0723 [HIGH] CWE-89 GHSA-2qpj-g893-v358: SQL injection vulnerability in news
SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Red Hat
kernel: ecryptfs_uid_hash() buffer overflow
vendor_redhat·2010-07-13·CVSS 7.8
CVE-2010-2492 [HIGH] CWE-228 kernel: ecryptfs_uid_hash() buffer overflow
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.
Statement: The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat
Enterprise MRG did not include support for eCryptfs, and therefore are not
affected by this issue. A future update in Red Hat Enterprise Linux 6 may
address this flaw. This was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0723.html.
No detection rules found.
Exploit-DB
Ero Auktion 2010 - 'news.php' SQL Injection
exploitdb·2010-02-22
CVE-2010-0723 Ero Auktion 2010 - 'news.php' SQL Injection
---
----------------------------Information----------------------------------------
+Autor : Easy Laster
+Date : 21.10.2010
+Script : Ero Auktion 2010 SQL Injection news.php
+Download : -----
+Price : 39,90€
+Language :PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor.
+Vulnerability : www.Site.com/new
Exploit-DB
Ero Auktion 2.0 - 'news.php' SQL Injection
exploitdb·2010-02-22
CVE-2010-0723 Ero Auktion 2.0 - 'news.php' SQL Injection
---
----------------------------Information----------------------------------------
+Autor : Easy Laster
+Date : 21.10.2010
+Script : Ero Auktion V.2.0 SQL Injection news.php
+Download : -----
+Price : 34,90€
+Language :PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor.
+Vulnerability : www.Site.com/new
No writeups or analysis indexed.
http://4004securityproject.wordpress.com/2010/02/21/ero-auktion-2010-sql-injection-news-php/
http://4004securityproject.wordpress.com/2010/02/21/ero-auktion-v-2-0-sql-injection-news-php/
http://packetstormsecurity.org/1002-exploits/eroauktion20-sql.txt
http://packetstormsecurity.org/1002-exploits/eroauktion2010-sql.txt
http://secunia.com/advisories/38666
http://www.exploit-db.com/exploits/11521
http://www.exploit-db.com/exploits/11522
https://exchange.xforce.ibmcloud.com/vulnerabilities/56446