Description
Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25926
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17596
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1415
Third Party Advisory x_refsource_misc
http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19641
Scores
EPSS
0.0047
EPSS Percentile
64.9%
Details
Status
published
Products (1)
moderngigabyte/modernbill
< 4.3.2
Published
Apr 19, 2006
Tracked Since
Feb 18, 2026