SecuritySpace - CVE-2010-4166

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID:	CVE-2010-4166
Description:	Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4166 http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg http://openwall.com/lists/oss-security/2010/11/12/5 http://openwall.com/lists/oss-security/2010/11/12/6 http://secunia.com/advisories/42133