cbcvebase.
CVE-2006-3010
published 2006-06-13

CVE-2006-3010: Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1)…

PriorityP434high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.81%
75.9th percentile
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameter to company/company_index.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
aliacomopen_business_management
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.