Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1853

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2006-1853
Last Modified 07 Mar 2011 09:34:25
Published 19 Apr 2006 12:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-1853

Summary

Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.

Vulnerable Systems

Application

  • Moderngigabyte Modernbill 4.3.2


References

VUPEN - ADV-2006-1415

BID - 17596

SECUNIA - 19641

XF - modernbill-user-sql-injection(25926)

MISC - http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html


Last Updated: 27 May 2016 10:42:14