Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4696)

Description

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Remediation

References

Related Vulnerabilities

PHP Other Vulnerability (CVE-2004-1020)

WordPress Plugin WP Editor SQL Injection (1.2.6.3)

WordPress Plugin MF Gig Calendar 'page_id' Parameter Cross-Site Scripting (0.9.4.1)

WordPress Improper Authentication Vulnerability (CVE-2022-43504)

WordPress Plugin ThemeREX Addons Remote Code Execution (All)

Severity

High

Classification

CVE-2010-4696 CWE-138

Tags

Missing Update Known Vulnerabilities