ID CVE-2007-4112
Summary Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."
References
Vulnerable Configurations
  • cpe:2.3:a:advanced_webhost_billing_system:advanced_webhost_billing_system:*:*:*:*:*:*:*:*
    cpe:2.3:a:advanced_webhost_billing_system:advanced_webhost_billing_system:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 25089
misc http://www.justinsamuel.com/2007/06/10/awbs-magic_quotes_gpc-off-sql-injection-and-xss-vulnerabilities/
osvdb 37257
secunia 26214
xf awbs-unspecified-sql-injection(46160)
Last major update 29-07-2017 - 01:32
Published 31-07-2007 - 10:17
Last modified 29-07-2017 - 01:32
Back to Top