cpe:/a:dustincowell:free_simple_software:1.0 CVE-2010-4298 2010-11-26T15:00:04.877-05:00 2010-11-29T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-11-29T15:44:00.000-05:00 BUGTRAQ 20101121 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298) BID 44998 MISC https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/ SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.