CVE-2010-4853

Description

SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.

Affected products

• chillcreations / com_ccinvoices

References

• EXPLOIThttp://packetstormsecurity.org/1011-exploits/joomlaccinvoices-sql.txt
• MISChttp://securityreason.com/securityalert/8413
• EXPLOIThttp://www.exploit-db.com/exploits/15430
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/63079