CVE-2010-1994
TomatoCMS < 2.0.5 - SQL Injection via News Search q Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-1994. PoCs published by Russ McRee.
AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in TomatoCMS 2.0.6 and prior, where user-supplied input is not sufficiently sanitized. It includes an example URL demonstrating the vulnerability but lacks executable exploit code.
Description
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO.
Exploits (1)
The provided text describes a SQL injection vulnerability in TomatoCMS 2.0.6 and prior, where user-supplied input is not sufficiently sanitized. It includes an example URL demonstrating the vulnerability but lacks executable exploit code.