CVE-2010-1049
published 2010-03-23CVE-2010-1049: Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.00%
58.4th percentile
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Uiga Business Portal index2.php textcomment sql injection (EDB-11357 / SA38430)
vuldb·2026-05-03·CVSS 7.5
CVE-2010-1049 [HIGH] Uiga Business Portal index2.php textcomment sql injection (EDB-11357 / SA38430)
A vulnerability classified as critical has been found in Uiga Business Portal. The affected element is an unknown function of the file index2.php. The manipulation of the argument textcomment leads to sql injection.
This vulnerability is traded as CVE-2010-1049. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
GHSA
GHSA-2848-7hhm-gmxm: Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid paramete
ghsa_unreviewed·2022-05-02
CVE-2010-1049 [HIGH] CWE-89 GHSA-2848-7hhm-gmxm: Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid paramete
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.
No detection rules found.
No writeups or analysis indexed.
2010-03-23
Published