CVE-2010-4842

high
Published 2011-09-27 · Modified 2026-04-29
VIR risk: 8.5

Description

SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood: 20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-15770 webapps php verified text · 1 KB
DeadLy DeMon · 2010-12-18

Download Center 2.2 - SQL Injection

text exploit Source: Exploit-DB
Name : MHP DownloadScript v2.2 <<= SQL injection Vulnerability

+Autor : DeadLy DeMon
+Date : 18.12.2010
+Script : MHP DownloadScript v2.2
+Download : ----
+Site : http://www.mhproducts.de/php-scripte-5/tools-dienste/download-center.html
+Dork : Not Dork
+Price : 4,99 EURO
+Language : PHP
+Tests : Windows XP SP 3 and Backtrack4 any other OS
+Discovered by DeadLy DeMon
+ Cyber - Warrir TIM =>> www.Cyber-warrior.org
+Greetz to All KinqSqlZ Crew

---------------------------------------------------------------------------------------
DeadLy DeMon ,System-Hacker , BlackApple , HeroTurk , F0RTYS3V3N ,
JackTheRipper , Sadrazam and All KinqSqlZCrew Member

Aklınıza Geliriz , Aklınız
Gider..                                               KinqSqlZ Crew Akar...

----------------------------------------------------------------------------------------
Bug ;

*target/path/downloadcenter/admin/
*
*name : '

pass : '*

Application impact

Vendor: mhproducts
Product: download_center
Versions: 2.2
Fixed: none listed

References

CWEs

CWE-89
