CVE-2010-4862 – Joomla! Component JE Directory 1.0 - SQL Injection

https://notcve.org/view.php?id=CVE-2010-4862

SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. Vulnerabilidad de inyección SQL en el componente JExtensions JE Directory (com_jedirectory) 1.0 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro catid de una acción item a index.php. • https://www.exploit-db.com/exploits/15163 http://osvdb.org/68308 http://secunia.com/advisories/41681 http://www.exploit-db.com/exploits/15163 http://www.securityfocus.com/bid/43630 https://exchange.xforce.ibmcloud.com/vulnerabilities/62191 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •