Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4696)

Description

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Remediation

References

Related Vulnerabilities

PostgreSQL NULL Pointer Dereference Vulnerability (CVE-2016-5423)

WordPress Plugin Easy Digital Downloads-Recent Purchases Remote File Inclusion (1.0.2)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Information Disclosure (1.8.11)

MySQL CVE-2021-2087 Vulnerability (CVE-2021-2087)

WordPress Plugin NewStatPress Multiple Vulnerabilities (1.0.4)

Severity

High

Classification

CVE-2010-4696 CWE-138

Tags

Missing Update Known Vulnerabilities