CVE-2010-1493 – Joomla! Component AWDwall 1.5.4 - Local File Inclusion / SQL Injection
https://notcve.org/view.php?id=CVE-2010-1493
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php. Vulnerabilidad de inyección SQL en el componente de Joomla! AWDwall (com_awdwall) antes de v1.5.5 permite a atacantes remotos ejecutar comandos SQL a través del parámetro cbuser a index.php en una acción awdwall. • https://www.exploit-db.com/exploits/12113 http://packetstormsecurity.org/1004-exploits/joomlaawdwall-lfisql.txt http://secunia.com/advisories/39553 http://www.awdwall.com/index.php/awdwall-updates-logs- http://www.exploit-db.com/exploits/12113 http://www.osvdb.org/63942 http://www.securityfocus.com/bid/38194 https://exchange.xforce.ibmcloud.com/vulnerabilities/57694 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-1494 – Joomla! Component AWDwall 1.5.4 - Local File Inclusion / SQL Injection
https://notcve.org/view.php?id=CVE-2010-1494
Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente AWDwall (com_awdwall) v1.5.4 de Joomla! permite a atacantes remotos leer ficheros de su elección mediante un .. • https://www.exploit-db.com/exploits/12113 http://packetstormsecurity.org/1004-exploits/joomlaawdwall-lfisql.txt http://secunia.com/advisories/39553 http://www.awdwall.com/index.php/awdwall-updates-logs- http://www.exploit-db.com/exploits/12113 http://www.osvdb.org/63943 http://www.securityfocus.com/bid/39331 https://exchange.xforce.ibmcloud.com/vulnerabilities/57693 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •