Lucene search
K

4 matches found

securityvulns
securityvulns
added 2011/12/04 12:0 a.m.177 views

PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability

Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...

7.5CVSS0.2AI score0.01475EPSS
Exploits3
Packet Storm
Packet Storm
added 2011/11/30 12:0 a.m.58 views

PHP Inventory 1.3.1 SQL Injection

Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...

7.5CVSS0.01475EPSS
Exploits3
Cvelist
Cvelist
added 2010/01/12 5:0 p.m.39 views

CVE-2009-4595

SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the supid parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...

7.5AI score0.00725EPSS
Exploits1References1
CVE
CVE
added 2010/01/12 5:0 p.m.70 views

CVE-2009-4595

Summary of CVE-2009-4595 : PHP Inventory vulnerable to SQL injection via index.php in version 1.2 (also affects related tracked versions). The issue stems from unsanitized input in the sup_id parameter used in the suppliers details action, allowing (authenticated) users to craft arbitrary SQL. Mu...

6CVSS7.8AI score0.00725EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder