← Volver a CVEs
CVE-2010-1327
N/ADescripcion
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado7/6/2010
Ultima modificacion4/29/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
tornadostore:tornadostore
Debilidades (CWE)
CWE-89
Referencias
http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php(cve@mitre.org)
http://www.securityfocus.com/bid/41233(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59950(cve@mitre.org)
http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/41233(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59950(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.