Description

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Remediation

References

CVE-2010-4696

Related Vulnerabilities

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Security Bypass (2.9.2)

WordPress Plugin WP YouTube Live Cross-Site Scripting (1.7.21)

WordPress Plugin Profile Builder Pro SQL Injection (3.3.2)

WordPress Plugin KN Fix Your Title Cross-Site Scripting (1.0.1)

WordPress Plugin HD Webplayer Multiple SQL Injection Vulnerabilities (1.1)

Severity

High

Classification

CVE-2010-4696 CWE-138

Tags

Missing Update Known Vulnerabilities