Lucene search

[email protected]CVE-2010-4404

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-4404

2022-10-0316:21:04

CWE-89

[email protected]

web.nvd.nist.gov

cve

2010

4404

sql injection

yannick gaultier

sh404sef

joomla

nvd

vulnerability

remote attackers

sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.3%

JSON

SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

NVD

Node

anything-digitalsh404sefRange≤2.1.7.761

anything-digitalsh404sefMatch1.5.2.255

anything-digitalsh404sefMatch1.5.3.296

anything-digitalsh404sefMatch1.5.4.302

anything-digitalsh404sefMatch1.5.5.388

anything-digitalsh404sefMatch1.5.6.398

anything-digitalsh404sefMatch1.5.7.407

anything-digitalsh404sefMatch1.5.8.432

anything-digitalsh404sefMatch1.5.9.434

anything-digitalsh404sefMatch1.5.10.446

anything-digitalsh404sefMatch1.5.11.459

anything-digitalsh404sefMatch1.5.12.464

anything-digitalsh404sefMatch2.0.0rc522

anything-digitalsh404sefMatch2.0.1.531

anything-digitalsh404sefMatch2.0.2.542

anything-digitalsh404sefMatch2.0.3.545

anything-digitalsh404sefMatch2.1.0.641

anything-digitalsh404sefMatch2.1.1.644

anything-digitalsh404sefMatch2.1.2.649

anything-digitalsh404sefMatch2.1.3.680

anything-digitalsh404sefMatch2.1.4.734

anything-digitalsh404sefMatch2.1.5.746

anything-digitalsh404sefMatch2.1.6.749

AND

joomlajoomla\!

CPENameOperatorVersion
anything-digital:sh404sefanything-digital sh404sefle2.1.7.761
anything-digital:sh404sefanything-digital sh404sefeq1.5.2.255
anything-digital:sh404sefanything-digital sh404sefeq1.5.3.296
anything-digital:sh404sefanything-digital sh404sefeq1.5.4.302
anything-digital:sh404sefanything-digital sh404sefeq1.5.5.388
anything-digital:sh404sefanything-digital sh404sefeq1.5.6.398
anything-digital:sh404sefanything-digital sh404sefeq1.5.7.407
anything-digital:sh404sefanything-digital sh404sefeq1.5.8.432
anything-digital:sh404sefanything-digital sh404sefeq1.5.9.434
anything-digital:sh404sefanything-digital sh404sefeq1.5.10.446

CPE	Name	Operator	Version
anything-digital:sh404sef	anything-digital sh404sef	le	2.1.7.761
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.2.255
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.3.296
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.4.302
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.5.388
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.6.398
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.7.407
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.8.432
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.9.434
anything-digital:sh404sef	anything-digital sh404sef	eq	1.5.10.446

Rows per page:

1-10 of 231

References

dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5/

secunia.com/advisories/42430

twitter.com/jeffchannell/status/8603529560195072

www.securityfocus.com/bid/45135

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.3%

JSON

Related for CVE-2010-4404

nvd1 prion1 cvelist1