CVE-2006-1853

critical

Description

Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25926

http://www.vupen.com/english/advisories/2006/1415

http://www.securityfocus.com/bid/17596

http://secunia.com/advisories/19641

http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html

Details

Source: Mitre, NVD

Published: 2006-04-19

Updated: 2017-07-20

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics