Vulnerabilities > CVE-2006-1853 - SQL Injection vulnerability in ModernGigabyte ModernBill User.PHP

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
moderngigabyte
exploit available

Summary

Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.

Vulnerable Configurations

Part Description Count
Application
Moderngigabyte
1

Exploit-Db

descriptionModernBill 4.3 User.PHP SQL Injection Vulnerability. CVE-2006-1853 . Webapps exploit for php platform
idEDB-ID:27678
last seen2016-02-03
modified2006-04-19
published2006-04-19
reporterr0t
sourcehttps://www.exploit-db.com/download/27678/
titleModernBill 4.3 User.PHP SQL Injection Vulnerability