CVE-2006-3010 - Cross-Site Scripting vulnerability in Aliacom Open Business Management 1.0.3Pl1
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL
Summary
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameters to company/company_index.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://pridels0.blogspot.com/2006/06/obm-multiple-sql-inj-and-xss-vuln.html
- http://secunia.com/advisories/20486
- http://www.osvdb.org/26203
- http://www.osvdb.org/26204
- http://www.osvdb.org/26205
- http://www.osvdb.org/26206
- http://www.osvdb.org/26207
- http://www.securityfocus.com/bid/18348
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27030