CVE-2010-4006 – WSN Links - SQL Injection

https://notcve.org/view.php?id=CVE-2010-4006

Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter. Múltiples vulnerabilidades de inyección SQL en search.php en WSN Links v5.0.x anterior a v5.0.81, v5.1.x anterior a v5.1.51, y v6.0.x anterior a v6.0.1, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) namecondition o (2) namesearch. WSN Links versions prior to 6.0.1, 5.1.51 and 5.0.81 suffer from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/15607 http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0512.html http://www.exploit-db.com/exploits/15607 http://www.securityfocus.com/archive/1/514585/100/0/threaded http://www.securityfocus.com/bid/44593 http://www.uncompiled.com/2010/10/wsn-links-sql-injection-vulnerability-cve-2010-4006 https://exchange.xforce.ibmcloud.com/vulnerabilities/62939 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •