CVE-2010-3212 - Vulnerability Details - OpenCVE

SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Seagullproject.org	Seagull

Configuration 1 [-]

OR	cpe:2.3:a:seagullproject.org:seagull::::::::
	cpe:2.3:a:seagullproject.org:seagull:0.4.6:::::::*
	cpe:2.3:a:seagullproject.org:seagull:0.4.7:::::::*
	cpe:2.3:a:seagullproject.org:seagull:0.6.0:::::::*
	cpe:2.3:a:seagullproject.org:seagull:0.6.0:rc1::::::
	cpe:2.3:a:seagullproject.org:seagull:0.6.0:rc2::::::
	cpe:2.3:a:seagullproject.org:seagull:0.6.0:rc3::::::
	cpe:2.3:a:seagullproject.org:seagull:0.6.1:::::::*
	cpe:2.3:a:seagullproject.org:seagull:0.6.2:::::::*
	cpe:2.3:a:seagullproject.org:seagull:0.6.3:::::::*
	cpe:2.3:a:seagullproject.org:seagull:0.6.4:::::::*
	cpe:2.3:a:seagullproject.org:seagull:0.6.5:::::::*
	cpe:2.3:a:seagullproject.org:seagull:0.6.6:::::::*

No data.

References

Link	Providers
http://osvdb.org/67689
http://packetstormsecurity.org/1008-exploits/seagull-sql.txt
http://secunia.com/advisories/41169
http://www.exploit-db.com/exploits/14838
https://exchange.xforce.ibmcloud.com/vulnerabilities/61469

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-03T17:12:00

Updated: 2024-08-07T03:03:18.593Z

Reserved: 2010-09-03T00:00:00

Link: CVE-2010-3212

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-09-03T18:00:04.623

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-3212

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-08-29T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "67689", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/67689"}, {"name": "14838", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/14838"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt"}, {"name": "seagull-index-sql-injection(61469)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61469"}, {"name": "41169", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41169"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3212", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67689", "refsource": "OSVDB", "url": "http://osvdb.org/67689"}, {"name": "14838", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/14838"}, {"name": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt"}, {"name": "seagull-index-sql-injection(61469)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61469"}, {"name": "41169", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41169"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:03:18.593Z"}, "title": "CVE Program Container", "references": [{"name": "67689", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/67689"}, {"name": "14838", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/14838"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt"}, {"name": "seagull-index-sql-injection(61469)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61469"}, {"name": "41169", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41169"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3212", "datePublished": "2010-09-03T17:12:00", "dateReserved": "2010-09-03T00:00:00", "dateUpdated": "2024-08-07T03:03:18.593Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:seagullproject.org:seagull:*:*:*:*:*:*:*:*", "matchCriteriaId": "602F0728-F961-4E75-88A8-40A31971F971", "versionEndIncluding": "0.6.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "57055AA8-8937-4F3D-94C4-A71006F446ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "1D47F05A-68BD-4392-A1F2-7AAB94495BE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC2548CF-1DFF-4889-AA02-214CC165328B", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7FEFA7E9-5380-4E68-866E-A9246A09A741", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A388222E-445F-4C64-BDD6-42450DAD36DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E1A2F16D-22DE-435F-BFDE-B8086D078381", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F46650A-915A-4094-9189-AACC681A3FFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "63D07A47-35FF-46DD-B00E-CD8E9C558C3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "36CE1627-C7CB-4EF4-B1AD-E88CA153375E", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "56E57B12-0614-45D9-9315-47124EEC74B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "2B429C44-8AF8-4B07-89F6-D06F981D317B", "vulnerable": true}, {"criteria": "cpe:2.3:a:seagullproject.org:seagull:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "1A917727-24C6-4E80-BF8C-CA4465B75E18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php en Seagull v0.6.7 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro frmQuestion en una acci\u00f3n de recuperaci\u00f3n, en conjunci\u00f3n con user/password PATH_INFO."}], "id": "CVE-2010-3212", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-03T18:00:04.623", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/67689"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41169"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/14838"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61469"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/67689"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/14838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61469"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}