Vulnerability ID 5339

WebMaster Solutions WmsCms 2.0 printpage.asp input SQL injection

CVSSv3 Temp Score: 7.3
Current Exploit Price (≈): $0-$1k

A vulnerability classified as critical has been found in WebMaster Solutions WmsCms 2.0. It affects an unknown function of the file default.asp/printpage.asp. Manipulation of an input leads to SQL injection. Confidentiality, integrity, and availability are impacted.

The weakness was disclosed on 06/06/2010 by MG with Ariko-Security as knowledge base article 65465 (OSVDB). The advisory is available for download at osvdb.org. The vendor was not involved in the public release. The vulnerability has been identified as CVE-2010-2317 since 06/17/2010. Exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for successful exploitation. Technical details as well as a public exploit are known.

A public exploit was developed by MG and published before the advisory. The exploit is available for download at exploit-db.com. The vulnerability was handled as a non-public zero-day exploit for at least 27 days. During that time the estimated underground price was around $2k-$5k.

No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at SecurityFocus (BID 40591) and Secunia (SA25583). Further details are available at wmsdesign.net. See 37200 for similar entries.

CVSSv3

Base Score: 7.3
Temp Score: 7.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
Reliability: High

CVSSv2

Base Score: 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Temp Score: 7.5 (CVSS2#E:ND/RL:ND/RC:ND)
Reliability: High

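AV | AC | Au | C | I | A
L | H | M | N | N | N
A | M | S | P | P | P
N | L | N | C | C | C

Vector | Complexity | Authentication | Confidentiality | Integrity | Availability
Local | High | Multiple | None | None | None
Adjacent | Medium | Single | Partial | Partial | Partial
Network | Low | None | Complete | Complete | Complete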

CPE

Exploiting

Class: SQL injection (CWE-89)
Local: No
Remote: Yes

Availability: Yes
Access: Public
Author: MG
Download: exploit-db.com

Current Price Estimation: $2k-$5k (0-day) / $0-$1k (Today)

Exploit-DB: 13739

Countermeasures

Recommended: no mitigation known
0-Day Time: 27 days since found

Timeline

05/10/2010 Vendor informed
06/05/2010 +26 days Exploit disclosed
06/06/2010 +1 days Advisory disclosed
06/12/2010 +6 days OSVDB entry created
06/17/2010 +5 days CVE assigned
06/17/2010 +0 days NVD disclosed
05/08/2012 +691 days VulDB entry created
08/04/2015 +1184 days VulDB entry updated

Sources

Advisory: 65465
Researcher: MG
Organization: Ariko-Security

CVE: CVE-2010-2317 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityFocus: 40591 - WmsCms Multiple SQL Injection Vulnerabilities
Secunia: 25583 - WmsCms Multiple Cross-Site Scripting Vulnerabilities, Less Critical
OSVDB: 65465 - WMS-CMS printpage.asp Multiple Parameter SQL Injection
Vupen: ADV-2010-1361

Misc.: wmsdesign.net
See also: 37200

Entry

Created: 05/08/2012
Updated: 08/04/2015
Entry: 85.9% complete