Required CVE Record Information
Description
Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.
References 5 Total
- exchange.xforce.ibmcloud.com: modernbill-user-sql-injection(25926) vdb-entry
- securityfocus.com: 17596 vdb-entry
- vupen.com: ADV-2006-1415 vdb-entry
- http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html
- secunia.com: 19641 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- exchange.xforce.ibmcloud.com: modernbill-user-sql-injection(25926) vdb-entryx_transferred
- securityfocus.com: 17596 vdb-entryx_transferred
- vupen.com: ADV-2006-1415 vdb-entryx_transferred
- http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html x_transferred
- secunia.com: 19641 third-party-advisoryx_transferred