7.5
CVE-2010-4404
- EPSS 0.4%
- Published 06.12.2010 13:37:32
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Data provided by the National Vulnerability Database (NVD)
Anything-digital ≫ Sh404sef Version <= 2.1.7.761
Anything-digital ≫ Sh404sef Version 1.5.2.255
Anything-digital ≫ Sh404sef Version 1.5.3.296
Anything-digital ≫ Sh404sef Version 1.5.4.302
Anything-digital ≫ Sh404sef Version 1.5.5.388
Anything-digital ≫ Sh404sef Version 1.5.6.398
Anything-digital ≫ Sh404sef Version 1.5.7.407
Anything-digital ≫ Sh404sef Version 1.5.8.432
Anything-digital ≫ Sh404sef Version 1.5.9.434
Anything-digital ≫ Sh404sef Version 1.5.10.446
Anything-digital ≫ Sh404sef Version 1.5.11.459
Anything-digital ≫ Sh404sef Version 1.5.12.464
Anything-digital ≫ Sh404sef Version 2.0.0 Update rc522
Anything-digital ≫ Sh404sef Version 2.0.1.531
Anything-digital ≫ Sh404sef Version 2.0.2.542
Anything-digital ≫ Sh404sef Version 2.0.3.545
Anything-digital ≫ Sh404sef Version 2.1.0.641
Anything-digital ≫ Sh404sef Version 2.1.1.644
Anything-digital ≫ Sh404sef Version 2.1.2.649
Anything-digital ≫ Sh404sef Version 2.1.3.680
Anything-digital ≫ Sh404sef Version 2.1.4.734
Anything-digital ≫ Sh404sef Version 2.1.5.746
Anything-digital ≫ Sh404sef Version 2.1.6.749
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.4% | 0.576 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.