CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3CVE-2010-4904 – Joomla! Component Aardvertiser 2.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-4904
08 Oct 2011 — SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Aardvertiser (com_aardvertiser) v2.1 y v2.1.1 para Joomla! que permite a atacantes remotos ejecutar comandos SQL a través del parámetro cat_name en una acción de index.php. • https://www.exploit-db.com/exploits/14922 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3028
https://notcve.org/view.php?id=CVE-2010-3028
16 Aug 2010 — The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. El componente Aardvertiser en versiones anteriores a la v2.2.1 de Joomla! utiliza permisos inseguros (777) en carpetas sin especificar, lo que permite a usuarios locales modificar, crear o borrar determinados ficheros. • http://secunia.com/advisories/40882 • CWE-264: Permissions, Privileges, and Access Controls •