Published: 11/02/2010 Updated: 10/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote malicious users to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
myshell evalsmsi 2.1.03

source: wwwsecurityfocuscom/bid/38116/info evalSMSI is prone to multiple vulnerabilities, including an authentication-bypass issue, an SQL-Injection issue, and an HTML-Injection issue Attackers can exploit these issues to gain administrative access to the affected application, execute arbitrary script code in the browser of an unsuspect ...

CWE-89 http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-008-evalmsi-2-1-03-multiple-vulnerabilities/http://packetstormsecurity.org/1002-exploits/corelan-10-008-evalmsi.txt http://www.osvdb.org/62177 http://secunia.com/advisories/38478 http://www.securityfocus.com/bid/38116 https://exchange.xforce.ibmcloud.com/vulnerabilities/56152 http://www.securityfocus.com/archive/1/509370/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/33602/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0614

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect