Vulnerabilities > CVE-2007-3345 - SQL-Injection vulnerability in PHP Accounts PHP Accounts 0.5

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

php-accounts

NVD

Published: 2007-06-22

Updated: 2017-07-29

Summary

Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter.

Vulnerable Configurations

Part	Description	Count
Application	Php_Accounts PHP Accounts PHP Accounts 0.5	1

References

http://osvdb.org/35980
http://pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/35028