CVE-2006-3090

Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magicquotesgpc disabled, allow remote attackers to execute arbitrary SQL commands via the 1 idpays parameter in a /pays/modifierpays.php; 2 idproduit, 3 quantite, 4 prixht, and 5 date parameter in b...