Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4630

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4630
Last Modified 07 Mar 2011 09:28:42
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4630

Summary

SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters.

Vulnerable Systems

Application

  • Clientexec 2.3


References

CONFIRM - http://www.clientexec.com/forum/showthread.php?t=8006

CONFIRM - http://www.ce-talk.com/showthread.php?t=653

SECUNIA - 17756

XF - clientexec-multiple-sql-injection(23271)

VUPEN - ADV-2005-2628

OSVDB - 21163

MISC - http://pridels0.blogspot.com/2005/11/clientexec-2x-multiple-sql-inj.html


Last Updated: 27 May 2016 10:41:22