CVE-2010-4696 — SQL Injection in Joomla !

CWE-89 — SQL Injection3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 77.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomla !

Timeline

PublishedJan 18

Latest updateMay 17

Description

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDjoomla/joomla_!22 versions+21

🔴Vulnerability Details

GHSA

GHSA-2wmf-hxhx-8jq7: Multiple SQL injection vulnerabilities in Joomla! 1↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

Opera historysearch - Cross-Site Scripting (Metasploit)↗2010-11-11

▶