CVE-2010-4922

Allinta CMS 22.07.2010 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4922. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary: The exploit demonstrates multiple SQL injection and cross-site scripting (XSS) vulnerabilities in Allinta CMS. It provides URLs with crafted payloads to trigger XSS and SQLi, confirming the lack of input sanitization.

Description

Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE.asp.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by High-Tech Bridge SA · text · webapps · asp
https://www.exploit-db.com/exploits/34429

Classification: Working PoC 90%
Attack Type: SQLi | XSS
Complexity: Trivial
Reliability: Reliable
Target: Allinta CMS 22.07.2010
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8453
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512959/100/0/threaded
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512958
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42320

Scores

EPSS 0.0117
EPSS Percentile 63.4%

Details

CWE: CWE-89
Status: published
Products (1): allinta/allinta_cms 22.07.2010
Published: Oct 09, 2011
Tracked Since: Feb 18, 2026