CVE-2010-2610
Description
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
2DayBiz Job Site Script - SQL Injection
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| 2daybiz | job_site_script | | |
References
- http://osvdb.org/65714
- http://osvdb.org/65715
- http://osvdb.org/65716
- http://secunia.com/advisories/40301
- http://www.exploit-db.com/exploits/14025
- http://www.securityfocus.com/bid/41123
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59733
CWEs
CWE-89