Lucene search
K

34 matches found

NVD
NVD
added 2010/01/12 5:30 p.m.31 views

CVE-2009-4597

Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow 1 remote authenticated users to execute arbitrary SQL commands via the userid parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the 2 user username and 3 pass passwor...

7.5CVSS8.1AI score0.00987EPSS
Exploits2References4
NVD
NVD
added 2010/01/12 5:30 p.m.22 views

CVE-2009-4595

SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the supid parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...

6CVSS7.6AI score0.00725EPSS
Exploits1References1
Prion
Prion
added 2010/01/12 5:30 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the supid parameter in a suppliers details action...

4.3CVSS6.2AI score0.01475EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2010/01/12 5:30 p.m.19 views

Sql injection

SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the supid parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...

6CVSS8.2AI score0.00725EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2010/01/12 5:0 p.m.48 views

CVE-2009-4597

The CVE-2009-4597 entry covers SQL injection flaws in PHP Inventory (notably versions around 1.2/1.3.x) in index.php. The vulnerabilities allow SQL commands to be injected through user_id in a user details action, and through user/password fields, enabling unauthorized data access via poorly sani...

7.5CVSS8.3AI score0.00987EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2010/01/12 5:0 p.m.70 views

CVE-2009-4595

Summary of CVE-2009-4595 : PHP Inventory vulnerable to SQL injection via index.php in version 1.2 (also affects related tracked versions). The issue stems from unsanitized input in the sup_id parameter used in the suppliers details action, allowing (authenticated) users to craft arbitrary SQL. Mu...

6CVSS7.8AI score0.00725EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2010/01/12 5:0 p.m.39 views

CVE-2009-4595

SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the supid parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...

7.5AI score0.00725EPSS
Exploits1References1
Cvelist
Cvelist
added 2010/01/12 5:0 p.m.46 views

CVE-2009-4596

Cross-site scripting XSS vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the supid parameter in a suppliers details action...

5.6AI score0.01475EPSS
Exploits2References3
Cvelist
Cvelist
added 2010/01/12 5:0 p.m.45 views

CVE-2009-4597

Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow 1 remote authenticated users to execute arbitrary SQL commands via the userid parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the 2 user username and 3 pass passwor...

8.1AI score0.00987EPSS
Exploits2References4
Packet Storm
Packet Storm
added 2009/12/10 12:0 a.m.21 views

PHP Inventory 1.2 SQL Injection

PHP Inventory v1.2 Remote Auth Bypass SQL Injection Vulnerabiity Found By: mrme Download: http://www.phpwares.com/content/php-inventory Tested On: Windows Vista Note: For educational purposes only First of all lets login to admin with: http://server/php-inventory/index.php username: ' or 1=1--...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2009/12/10 12:0 a.m.12 views

PHP Inventory v1.2 Remote (Auth Bypass) SQL Injection Vulnerabiity

No description provided by source. PHP Inventory v1.2 Remote Auth Bypass SQL Injection Vulnerabiity Found By: mrme Download: http://www.phpwares.com/content/php-inventory Tested On: Windows Vista Note: For educational purposes only First of all lets login to admin with:...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/12/10 12:0 a.m.18 views

PHP Inventory v1.2 Remote (Auth Bypass) SQL Injection Vulnerabiity

Exploit for unknown platform in category web applications ================================================================== PHP Inventory v1.2 Remote Auth Bypass SQL Injection Vulnerabiity ================================================================== PHP Inventory v1.2 Remote Auth Bypass SQ...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2009/12/10 12:0 a.m.29 views

PHP Inventory 1.2 - Authentication Bypass

PHP Inventory 1.2 - Authentication Bypass PHP Inventory v1.2 Remote Auth Bypass SQL Injection Vulnerabiity Found By: mrme Download: http://www.phpwares.com/content/php-inventory Tested On: Windows Vista Note: For educational purposes only First of all lets login to admin with:...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/12/10 12:0 a.m.33 views

PHP Inventory 1.2 - Authentication Bypass

PHP Inventory v1.2 Remote Auth Bypass SQL Injection Vulnerabiity Found By: mrme Download: http://www.phpwares.com/content/php-inventory Tested On: Windows Vista Note: For educational purposes only First of all lets login to admin with: http://server/php-inventory/index.php username: ' or 1=1--...

7.4AI score
Exploits0
Rows per page
Query Builder