Description
Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Andrés Gómez · textwebappsphp
https://www.exploit-db.com/exploits/11874
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57161
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/11874
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/63157
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/63158
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39095
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38962
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57162
Scores
EPSS
0.0031
EPSS Percentile
54.1%
Details
CWE
CWE-89
Status
published
Products (1)
invohost/invohost
3.4
Published
Apr 09, 2010
Tracked Since
Feb 18, 2026