CVE-2010-4980
Published 2011-11-01
CVE-2010-4980: SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Priority P3 · 47 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.42% (82.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iscripts | reservelogic | — | — |
Suricata
ET WEB_CLIENT Possible Javascript obfuscation using app.setTimeOut in PDF in Order to Run Code
suricata·2010-10-29
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Javascript obfuscation using app.setTimeOut in PDF in Order to Run Code"; flow:established,to_client; file.data; content:"PDF-"; depth:300; content:"app.setTimeOut("; fast_pattern; nocase; distance:0; reference:url,www.h-online.com/security/features/CSI-Internet-PDF-timebomb-1038864.html?page=4; reference:url,www.vicheck.ca/md5query.php?hash=6932d141916cd95e3acaa3952c7596e4; reference:cve,2018-4980; reference:cve,2018-4961; classtype:bad-unknown; sid:2011868; rev:6; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_10_29, cve CVE_2018_4980, d
Exploit-DB
Reserve Logic 1.2 Booking CMS - Multiple Vulnerabilities
exploitdb·2012-07-12
---
Title: Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities
Date: 2012-06-18
References: http://www.vulnerability-lab.com/get_content.php?id=617
VL-ID: 617
Common Vulnerability Scoring System: 8.5
Introduction:
iScripts ReserveLogic offers an online web based reservation system for the hospitality industry for service providers.
This turn-key reservation system allows you to start online reservation and customer management in minutes.
Flexible Reservation Software. iScripts ReserveLogic is designed to simplify the task of online booking. It provides
users a unique, intuitive and easy to use interface that improves the way people use the web today. Through personalization
and rich features, iScripts ReserveLogic e
Exploit-DB
iScripts ReserveLogic 1.0 - SQL Injection
exploitdb·2010-07-01
---
iScripts ReserveLogic 1.0 SQL Injection Vulnerability
Name: iScripts ReserveLogic
Vendor: http://www.iscripts.com
Versions Affected: 1.0
Author: Salvatore Fresta aka Drosophila
Website: http://www.salvatorefresta.net
Contact: salvatorefresta [at] gmail [dot] com
Date: 2010-01-07
X. INDEX
I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX
I. ABOUT THE APPLICATION
iScripts ReserveLogic allows independent hotel/motels,
B&B, time-shares, campgrounds, tour companies, etc., to
take their business truly online with online reservation
and customer management.
II. DESCRIPTION
A numeric field is not properly sanitised before being
used in a SQL query.
III. ANALYSIS
Summary:
A) SQL Injection
A) SQL Injection
The pid
No writeups or analysis indexed.
- http://packetstormsecurity.org/1007-exploits/reservelogic-sql.txt
- http://secunia.com/advisories/40435
- http://securityreason.com/securityalert/8487
- http://www.exploit-db.com/exploits/14163
- http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt
- http://www.securityfocus.com/archive/1/512137/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59985