CVE-2010-4916

critical

Description

Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/61638

http://securityreason.com/securityalert/8448

http://secunia.com/advisories/41335

Details

Source: Mitre, NVD

Published: 2011-10-08

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01485