CVE-2010-4834

OneOrZero AIMS 2.6.0-2.7.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4834. PoCs published by Valentin.

AI-analyzed exploit summary This is a vulnerability writeup detailing SQL injection and local file inclusion vulnerabilities in OneOrZero AIMS v2.6.0. It provides example URLs and parameters affected by these vulnerabilities but does not include functional exploit code.

Description

Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Valentin · textwebappsphp
https://www.exploit-db.com/exploits/15519

This is a vulnerability writeup detailing SQL injection and local file inclusion vulnerabilities in OneOrZero AIMS v2.6.0. It provides example URLs and parameters affected by these vulnerabilities but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Info Leak
Complexity
Moderate
Reliability
Theoretical
Target: OneOrZero AIMS v2.6.0
Auth required
Prerequisites: Authenticated access to the application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15519
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8375
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42251

Scores

EPSS 0.0092
EPSS Percentile 55.6%

Details

CWE
CWE-89
Status published
Products (2)
oneorzero/aims 2.6.0
oneorzero/aims 2.7.0
Published Sep 14, 2011
Tracked Since Feb 18, 2026