Description
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
Exploits (1)
References (6)
Core 6
Core References
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0512.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514585/100/0/threaded
Exploit x_refsource_misc
http://www.uncompiled.com/2010/10/wsn-links-sql-injection-vulnerability-cve-2010-4006/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62939
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44593
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15607
Scores
EPSS
0.0138
EPSS Percentile
80.4%
Details
CWE
CWE-89
Status
published
Products (50)
wsn/links
5.1.2
wsn/links
5.1.3
wsn/links
5.1.17
wsn/links
5.1.18
wsn/links
5.1.19
wsn/links
5.1.20
wsn/links
5.1.21
wsn/links
5.1.22
wsn/links
5.1.23
wsn/links
5.1.24
... and 40 more
Published
Nov 03, 2010
Tracked Since
Feb 18, 2026