CVE-2010-2673

Devana <1.6.6 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Valentin · textwebappsphp

https://www.exploit-db.com/exploits/11922

View Code ZIP pw:eip

References (4)

Core 4

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11922

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/39121

Exploit x_refsource_misc

http://packetstormsecurity.org/1003-exploits/devana-sql.txt

Exploit vdb-entry x_refsource_osvdb

http://osvdb.org/63278

Scores

EPSS 0.0084

EPSS Percentile 74.9%

Details

CWE

CWE-89

Status published

Products (7)

devana/devana 1.0

devana/devana 1.1.1

devana/devana 1.2.4

devana/devana 1.3.3

devana/devana 1.4.3

devana/devana 1.5.3

devana/devana < 1.6.6

Published Jul 08, 2010

Tracked Since Feb 18, 2026