CVE-2010-1089
Published 2010-03-24
CVE-2010-1089: SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority P341·high·7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.96% (57.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phptroubleticket | php_trouble_ticket | — | — |
CVSS provenance
nvd·v2.0·7.5 HIGH·AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat·7.2 HIGH
VulDB
Phptroubleticket PHP Trouble Ticket 2.2 vedi_faq.php ID sql injection (EDB-11609 / SA38763)
vuldb·2026-05-03·CVSS 7.5
CVE-2010-1089 [HIGH] Phptroubleticket PHP Trouble Ticket 2.2 vedi_faq.php ID sql injection (EDB-11609 / SA38763)
A vulnerability categorized as critical has been discovered in Phptroubleticket PHP Trouble Ticket 2.2. Affected is an unknown function of the file vedi_faq.php. The manipulation of the argument ID results in sql injection.
This vulnerability is identified as CVE-2010-1089. The attack can be executed remotely. Additionally, an exploit exists.
GHSA
GHSA-cgg9-xrp8-443h: SQL injection vulnerability in vedi_faq
ghsa_unreviewed·2022-05-02
CVE-2010-1089 [HIGH] CWE-89 GHSA-cgg9-xrp8-443h: SQL injection vulnerability in vedi_faq
SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Red Hat
glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
vendor_redhat·2011-03-03·CVSS 7.2
CVE-2011-1089 [HIGH] glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
No detection rules found.
Exploit-DB
Microsoft IIS - Phone Book Service Overflow (MS00-094) (Metasploit)
exploitdb·2010-04-30
CVE-2000-1089 Microsoft IIS - Phone Book Service Overflow (MS00-094) (Metasploit)
Microsoft IIS - Phone Book Service Overflow (MS00-094) (Metasploit)
---
```
##
# $Id: ms00_094_pbserver.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft IIS Phone Book Service Overflow',
'Description' => %q{
This is an exploit for the Phone Book Service /pbserver/pbserver.dll
described in MS00-094. By sending an overly long URL argument
for phone book updates, it is possible to overwrite the stack. This
module has only been tested against Windows 2000 SP1.
},
'Author' => [ 'patrick' ],
'License' =>
```
Exploit-DB
phptroubleticket 2.0 - 'id' SQL Injection
exploitdb·2010-03-01
CVE-2010-1089 phptroubleticket 2.0 - 'id' SQL Injection
phptroubleticket 2.0 - 'id' SQL Injection
---
```
#############################################################################################################
## phptroubleticket SQL injection (id) ##
## Author : kaMtiEz ([email protected]) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : 1 march, 2010 ##
#############################################################################################################
[ Software Information ]
[+] Vendor : http://www.phptroubleticket.org/
[+] Download : http://www.phptroubleticket.org/downloads.html
[+] version : 2.0 / lower maybe also affected
[+] Vulnerability : SQL
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################
[ V
```
No writeups or analysis indexed.
Published: 2010-03-24