CVE-2005-3845

EPSS 1.1%

SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue."

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/27029unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://pridels0.blogspot.com/2005/11/ez-invoice-inc-v-20-sql-inj.html https://exchange.xforce.ibmcloud.com/vulnerabilities/23213 http://www.osvdb.org/21369 http://www.securityfocus.com/bid/16133 http://www.vupen.com/english/advisories/2005/2596