CVE-2010-2686

EUVD-2010-2690
Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search.  NOTE: some of these details are obtained from third party information.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
topmanageolk_module
1.91.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/40424
http://www.securityfocus.com/archive/1/512084/100/0/threaded
http://www.securityfocus.com/archive/1/512135
http://www.securityfocus.com/bid/41208
http://secunia.com/advisories/40424
http://www.securityfocus.com/archive/1/512084/100/0/threaded
http://www.securityfocus.com/archive/1/512135
http://www.securityfocus.com/bid/41208