CVE-2010-2686

Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search.  NOTE: some of these details are obtained from third party information.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
topmanageolk_module
1.91.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/40424
http://www.securityfocus.com/archive/1/512084/100/0/threaded
http://www.securityfocus.com/archive/1/512135
http://www.securityfocus.com/bid/41208
http://secunia.com/advisories/40424
http://www.securityfocus.com/archive/1/512084/100/0/threaded
http://www.securityfocus.com/archive/1/512135
http://www.securityfocus.com/bid/41208