cpe:/a:tornadostore:tornadostore:1.4.3 CVE-2010-1327 2010-07-06T13:17:13.127-04:00 2017-08-16T21:32:20.023-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-07-06T13:21:00.000-04:00 BID 41233 MISC http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-sql-injection-0106.php XF tornadostore-precios-sql-injection(59950) Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.