cpe:/a:commodityrentals:dvd_rentals_script CVE-2010-4770 2011-03-23T18:00:01.747-04:00 2011-09-21T23:27:17.100-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2011-03-24T08:59:00.000-04:00 EXPLOIT-DB 15578 SECUNIA 42330 BID 44988 SREASON 8159 MISC http://packetstormsecurity.org/files/view/96010/dvdrental-sql.txt SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.