CVE-2010-4166SQL Injection in Joomla !

CWE-89SQL Injection4 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 93.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Joomla !
Timeline
PublishedJan 18
Latest updateMay 17

Description

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDjoomla/joomla_!22 versions+21

🔴Vulnerability Details

2
GHSA
GHSA-2wmf-hxhx-8jq7: Multiple SQL injection vulnerabilities in Joomla! 12022-05-17
GHSA
GHSA-x734-8f4m-8656: Multiple SQL injection vulnerabilities in Joomla! 12022-05-14