Lucene search

K

PHP Inventory Multiple Vulnerabilities

🗓️ 22 Jan 2010 00:00:00Reported by Copyright (C) 2010 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 16 Views

PHP Inventory Multiple Vulnerabilities. Exploitable flaws in PHP Inventory version 1.2 and prior allow for remote attackers to execute arbitrary HTML or web scripts and manipulate sensitive information

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Exploit DB
PHP Inventory 1.2 - Authentication Bypass
10 Dec 200900:00
exploitdb
securityvulns
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
4 Dec 201100:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
5 Dec 201100:00
securityvulns
Packet Storm
PHP Inventory 1.3.1 SQL Injection
30 Nov 201100:00
packetstorm
OpenVAS
PHP Inventory < 1.3.2 SQLi Vulnerability
5 Dec 201100:00
openvas
Cvelist
CVE-2009-4595
12 Jan 201017:00
cvelist
Cvelist
CVE-2009-4596
12 Jan 201017:00
cvelist
Cvelist
CVE-2009-4597
12 Jan 201017:00
cvelist
Prion
Sql injection
12 Jan 201017:30
prion
Prion
Sql injection
12 Jan 201017:30
prion
Rows per page
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.800983");
  script_version("2023-06-27T05:05:30+0000");
  script_tag(name:"last_modification", value:"2023-06-27 05:05:30 +0000 (Tue, 27 Jun 2023)");
  script_tag(name:"creation_date", value:"2010-01-22 16:43:14 +0100 (Fri, 22 Jan 2010)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2009-4595", "CVE-2009-4596", "CVE-2009-4597");
  script_name("PHP Inventory Multiple Vulnerabilities");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("Web application abuses");

  script_xref(name:"URL", value:"http://secunia.com/advisories/37672");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/54666");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/54667");
  script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/10370");

  script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to include arbitrary
  HTML or web scripts in the scope of the browser and allows to obtain and manipulate sensitive information.");

  script_tag(name:"affected", value:"PHP Inventory version 1.2 and prior.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - Input passed via the 'user_id' parameter to 'index.php' and via the 'sup_id'
    parameter is not properly sanitised before being used in an SQL query.

  - Input passed via the 'user' and 'pass' form field to 'index.php' is not
    properly sanitised before being used in an SQL query.");

  script_tag(name:"solution", value:"Update to PHP Inventory version 1.3.2 or later.");

  script_tag(name:"summary", value:"PHP inventory is prone to multiple vulnerabilities.

  This VT has been replaced by VT PHP Inventory 'user' and 'pass' Parameters SQL Injection Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.802534).");

  script_tag(name:"qod_type", value:"remote_app");
  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"deprecated", value:TRUE);

  exit(0);
}

exit(66);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
22 Jan 2010 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS27.5
EPSS0.002
16
.json
Report