CVE-2010-4696

EUVD-2010-4661
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
joomlajoomla\!
1.5.0
joomlajoomla\!
1.5.1
joomlajoomla\!
1.5.2
joomlajoomla\!
1.5.3
joomlajoomla\!
1.5.4
joomlajoomla\!
1.5.5
joomlajoomla\!
1.5.6
joomlajoomla\!
1.5.7
joomlajoomla\!
1.5.8
joomlajoomla\!
1.5.9
joomlajoomla\!
1.5.10
joomlajoomla\!
1.5.11
joomlajoomla\!
1.5.12
joomlajoomla\!
1.5.13
joomlajoomla\!
1.5.14
joomlajoomla\!
1.5.15
joomlajoomla\!
1.5.15:rc
joomlajoomla\!
1.5.16
joomlajoomla\!
1.5.17
joomlajoomla\!
1.5.18
joomlajoomla\!
1.5.19
joomlajoomla\!
1.5.20
joomlajoomla\!
1.5.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
http://openwall.com/lists/oss-security/2010/11/12/5
http://openwall.com/lists/oss-security/2010/11/12/6
http://secunia.com/advisories/42133
http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
http://openwall.com/lists/oss-security/2010/11/12/5
http://openwall.com/lists/oss-security/2010/11/12/6
http://secunia.com/advisories/42133