3 matches found
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...
PHP Inventory 1.3.1 SQL Injection
Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...
CVE-2009-4596
CVE-2009-4596 is a documented cross-site scripting vulnerability in PHP Inventory, specifically in index.php for version 1.2, exploitable via the sup_id parameter in the suppliers details action. The connected sources corroborate a web-facing XSS flaw that allows remote attackers to inject arbitr...