CVE-2010-4404

SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: Dec 6, 2010
Updated: Nov 9, 2025
CVE: CVE-2010-4404
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
anything-digital / sh404sef	-	2.1.7.761.x
anything-digital / sh404sef	1.5.2.255	1.5.2.255.x
anything-digital / sh404sef	1.5.3.296	1.5.3.296.x
anything-digital / sh404sef	1.5.4.302	1.5.4.302.x
anything-digital / sh404sef	1.5.5.388	1.5.5.388.x
anything-digital / sh404sef	1.5.6.398	1.5.6.398.x
anything-digital / sh404sef	1.5.7.407	1.5.7.407.x
anything-digital / sh404sef	1.5.8.432	1.5.8.432.x
anything-digital / sh404sef	1.5.9.434	1.5.9.434.x
anything-digital / sh404sef	1.5.10.446	1.5.10.446.x
anything-digital / sh404sef	1.5.11.459	1.5.11.459.x
anything-digital / sh404sef	1.5.12.464	1.5.12.464.x
anything-digital / sh404sef	2.0.0-rc522	2.0.0-rc522.x
anything-digital / sh404sef	2.0.1.531	2.0.1.531.x
anything-digital / sh404sef	2.0.2.542	2.0.2.542.x
anything-digital / sh404sef	2.0.3.545	2.0.3.545.x
anything-digital / sh404sef	2.1.0.641	2.1.0.641.x
anything-digital / sh404sef	2.1.1.644	2.1.1.644.x
anything-digital / sh404sef	2.1.2.649	2.1.2.649.x
anything-digital / sh404sef	2.1.3.680	2.1.3.680.x
anything-digital / sh404sef	2.1.4.734	2.1.4.734.x
anything-digital / sh404sef	2.1.5.746	2.1.5.746.x
anything-digital / sh404sef	2.1.6.749	2.1.6.749.x

Vulnerability Database

316,882

CVE-2010-4404

Deep Security Visibility Without the Complexity