4 matches found
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...
PHP Inventory 1.3.1 SQL Injection
Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...
CVE-2009-4595
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the supid parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
CVE-2009-4595
Summary of CVE-2009-4595 : PHP Inventory vulnerable to SQL injection via index.php in version 1.2 (also affects related tracked versions). The issue stems from unsanitized input in the sup_id parameter used in the suppliers details action, allowing (authenticated) users to craft arbitrary SQL. Mu...