VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 14, 2011· Updated Apr 29, 2026

CVE-2010-4834

CVE-2010-4834

Description

Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.

Affected products

2
  • Oneorzero/Aims2 versions
    cpe:2.3:a:oneorzero:aims:2.6.0:*:members:*:*:*:*:*+ 1 more
    • cpe:2.3:a:oneorzero:aims:2.6.0:*:members:*:*:*:*:*
    • cpe:2.3:a:oneorzero:aims:2.7.0:*:trial:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.