CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5043 – Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5043
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente DJ-artgallery (com_djartgallery) v0.9.1 para Joomla! permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro cid[] en una acción EditItem a administrator/index.php. • https://www.exploit-db.com/exploits/13737 http://osvdb.org/65187 http://secunia.com/advisories/40073 http://www.exploit-db.com/exploits/13737 http://www.securityfocus.com/bid/40580 https://exchange.xforce.ibmcloud.com/vulnerabilities/59142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5042 – Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5042
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente DJ-ArtGallery (com_djartgallery) de 0.9.1 for Joomla!. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro cid[] en una acción editItem de administrator/index.php. • https://www.exploit-db.com/exploits/13737 http://osvdb.org/65188 http://secunia.com/advisories/40073 http://www.exploit-db.com/exploits/13737 http://www.securityfocus.com/bid/40580 http://www.vupen.com/english/advisories/2010/1374 https://exchange.xforce.ibmcloud.com/vulnerabilities/59143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •