CVE-2006-1853

CVE-2006-1853

EPSS 1.0%

Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html http://secunia.com/advisories/19641 https://exchange.xforce.ibmcloud.com/vulnerabilities/25926 http://www.securityfocus.com/bid/17596 http://www.vupen.com/english/advisories/2006/1415