Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2010-1994

SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO.

  • Published: May 20, 2010
  • Updated: Apr 13, 2023
  • CVE: CVE-2010-1994
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
tomatocms / tomatocms 2.0.1 2.0.1.x
tomatocms / tomatocms 2.0.0 2.0.0.x
tomatocms / tomatocms 2.0.3.1430 2.0.3.1430.x
tomatocms / tomatocms 2.0.3 2.0.3.x
tomatocms / tomatocms 2.0.2 2.0.2.x
tomatocms / tomatocms - 2.0.4.x
tomatocms / tomatocms 2.0.3.1622 2.0.3.1622.x