CVE-2010-1071
Published 2010-03-23
CVE-2010-1071: SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority: P341 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.02% (59.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpmdj | phpmdj | — | — |
CVSS provenance
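| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 5.0 | MEDIUM | — |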
VulDB
phpMDJ 1.0.3 profil.php ID sql injection (EDB-11083 / XFDB-55516)
vuldb·2026-05-03·CVSS 7.5
CVE-2010-1071 [HIGH] phpMDJ 1.0.3 profil.php ID sql injection (EDB-11083 / XFDB-55516)
A vulnerability identified as critical has been detected in phpMDJ 1.0.3. This affects an unknown function of the file profil.php. The manipulation of the argument ID leads to sql injection.
This vulnerability is listed as CVE-2010-1071. The attack may be initiated remotely. In addition, an exploit is available.
GHSA
GHSA-gjw4-76p5-fxqf: SQL injection vulnerability in profil
ghsa_unreviewed·2022-05-02
CVE-2010-1071 [HIGH] CWE-89 GHSA-gjw4-76p5-fxqf: SQL injection vulnerability in profil
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Red Hat
glibc: fnmatch() alloca()-based memory corruption flaw
vendor_redhat·2010-08-05·CVSS 5.0
CVE-2011-1071 [MEDIUM] glibc: fnmatch() alloca()-based memory corruption flaw
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.org/1001-exploits/phpmdj103-sql.txt
http://secunia.com/advisories/33480
http://www.exploit-db.com/exploits/11083
http://www.securityfocus.com/bid/37698
https://exchange.xforce.ibmcloud.com/vulnerabilities/55516
Published: 2010-03-23