CVE-2010-5017
published 2011-11-02
CVE-2010-5017: SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
Priority P345 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.05% (59.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eliteladders | elite_gaming_ladders | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 4.3 · MEDIUM
GHSA
GHSA-357w-7wgc-xpmq: SQL injection vulnerability in stats
ghsa_unreviewed·2022-05-17
CVE-2010-5017 [HIGH] CWE-89 GHSA-357w-7wgc-xpmq: SQL injection vulnerability in stats
SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
Red Hat
Firefox: overlong UTF-8 sequence detection problem
vendor_redhat·2009-08-21·CVSS 4.3
CVE-2009-5017 [MEDIUM] Firefox: overlong UTF-8 sequence detection problem
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.
No detection rules found.
Bugzilla
CVE-2009-5017 Firefox: overlong UTF-8 sequence detection problem
bugzilla·2010-11-23·CVSS 4.3
CVE-2009-5017 [MEDIUM] CVE-2009-5017 Firefox: overlong UTF-8 sequence detection problem
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5017 to
the following vulnerability:
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8
encoding, which makes it easier for remote attackers to bypass cross-site
scripting (XSS) protection mechanisms via a crafted string, a different
vulnerability than CVE-2010-1210.
References:
[1] http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
[2] http://hg.mozilla.org/releases/mozilla-1.9.2/rev/e42c563313a0
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=511859
[4] https://bugzilla.mozilla.org/show_bug.cgi?id=522634
Reference public PoC:
[5] https://bugzilla.mozilla.org/show_bug.cgi?id=511859#c1
Upstream change
Bugzilla
CVE-2009-5017 Firefox: overlong UTF-8 sequence detection problem [fedora-12]
bugzilla·2010-11-23·CVSS 4.3
CVE-2009-5017 [MEDIUM] CVE-2009-5017 Firefox: overlong UTF-8 sequence detection problem [fedora-12]
fedora-12 tracking bug for firefox: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Fedora 12 changed to end-of-life (EOL) status on 2010-12-02. Fedora 12 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.
http://secunia.com/advisories/36732
http://www.exploit-db.com/exploits/10978
http://www.securityfocus.com/bid/40163
http://www.vupen.com/english/advisories/2010/0012
https://exchange.xforce.ibmcloud.com/vulnerabilities/55335
Published: 2011-11-02