CVE-2010-2826

SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
ciscowireless_control_system_software
𝑥
≤ 6.0.188.0
ciscowireless_control_system_software
6.0
ciscowireless_control_system_software
6.0.132.0
ciscowireless_control_system_software
6.0.170.0
ciscowireless_control_system_software
6.0.181.0
ciscowireless_control_system_software
6.0.182.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml