CVE-2006-3010
published 2006-06-13CVE-2006-3010: Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1)…
PriorityP434high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.81%
75.9th percentile
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameter to company/company_index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aliacom | open_business_management | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://pridels0.blogspot.com/2006/06/obm-multiple-sql-inj-and-xss-vuln.htmlhttp://secunia.com/advisories/20486http://www.osvdb.org/26203http://www.osvdb.org/26204http://www.osvdb.org/26205http://www.osvdb.org/26206http://www.osvdb.org/26207http://www.securityfocus.com/bid/18348https://exchange.xforce.ibmcloud.com/vulnerabilities/27030http://pridels0.blogspot.com/2006/06/obm-multiple-sql-inj-and-xss-vuln.htmlhttp://secunia.com/advisories/20486http://www.osvdb.org/26203http://www.osvdb.org/26204http://www.osvdb.org/26205http://www.osvdb.org/26206http://www.osvdb.org/26207http://www.securityfocus.com/bid/18348https://exchange.xforce.ibmcloud.com/vulnerabilities/27030
2006-06-13
Published