SQL Injection Vulnerability in Intermesh Group-Office by Intermesh
CVE-2010-3428

Currently unrated

Key Information:

Vendor: Intermesh
Status: Group-office
Vendor: CVE Published:; 16 September 2010

What is CVE-2010-3428?

An SQL injection vulnerability exists in the Intermesh Group-Office software version 3.5.9, specifically within the modules/notes/json.php file. This flaw allows remote attackers to manipulate the application by providing crafted inputs through the category_id parameter. Exploiting this vulnerability can lead to the execution of arbitrary SQL commands, potentially compromising the integrity and confidentiality of the database. It is imperative for users of the affected version to apply security patches and implement necessary mitigations to protect their systems.

References

http://www.securityfocus.com/bid/43174/exploit

x_refsource_MISC

http://www.exploit-db.com/exploits/14988

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/43174

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 16, 2010

JSON