Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-4112
Last Modified: 26 Feb 2009 01:38:18
Published: 31 Jul 2007 06:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4112

Summary

Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."

Vulnerable Systems

Application

  • Advanced Webhost Billing System 2.5.1


References

XF - awbs-unspecified-sql-injection(46160)

BID - 25089

MISC - http://www.justinsamuel.com/2007/06/10/awbs-magic_quotes_gpc-off-sql-injection-and-xss-vulnerabilities/

SECUNIA - 26214

OSVDB - 37257


Last Updated: 27 May 2016 10:45:46