CVE-2010-4166
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
We have discovered 267,947 live websites that are affected by CVE-2010-4166.
Affected Software
| Product |  Joomla |
| Category | Content Management System |
| Vulnerable Domains | 267,947 live websites (96.47% of Joomla install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 2 versions ( 1.19% of all versions) |
Details
- Published - Jan 18, 2011
- Updated - Sep 16, 2024
CVE References
CVE-2010-4166 usage by Country
 United States | 15,491 websites |
 Italy | 66,442 websites |
 Australia | 24,762 websites |
 GB | 16,627 websites |
 Germany | 13,695 websites |
 Russia | 13,446 websites |
 Poland | 12,567 websites |
 Netherlands | 11,465 websites |
 Iran | 9,176 websites |
 South Africa | 8,913 websites |
CVE-2010-4166 usage by TLD
| .com | 65,207 websites |
| .it | 43,627 websites |
| .com.au | 17,007 websites |
| .ru | 11,539 websites |
| .pl | 8,985 websites |
| .co.uk | 8,953 websites |
| .org | 7,372 websites |
| .nl | 6,810 websites |
| .de | 6,476 websites |
| .net | 5,782 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2010-4166
Top websites that are affected by CVE-2010-4166. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.de | Germany | *,*** | |
| *******.**.ca |  Canada | *,*** | |
| **************.********.com | United States | **,*** | |
| ***********.com | Italy | **,*** | |
| ***********.**.za | South Africa | **,*** | |
| ********.com |  Serbia | **,*** | |
| ***************.com | Italy | **,*** | |
| ********.com | United States | **,*** | |
| *********.com | GB | **,*** | |
| *****.**.uk | GB | **,*** |
FAQ
A total of 267,947 websites have been identified as vulnerable to CVE-2010-4166, discovered through global website indexing conducted by WebTechSurvey.
Joomla is susceptible to CVE-2010-4166 vulnerability.
Joomla versions before 1.5.22 are vulnerable to CVE-2010-4166.
Version 1.5.22 of Joomla addresses the CVE-2010-4166 security vulnerability.
References
- http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order%29_front.jpg
- http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_front.jpg
- http://openwall.com/lists/oss-security/2010/11/12/5
- http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html
- http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
- http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_%28filter_order_Dir%29_back.jpg
- http://secunia.com/advisories/42133
- http://openwall.com/lists/oss-security/2010/11/12/6