Netshinesoftware Com Netinvoice vulnerabilities
4 known vulnerabilities affecting netshinesoftware/com_netinvoice.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2010-4270P2MEDIUMCVSS 5.0Exploited≤ 1.2_10≤ 2.0.9+1 more2010-11-17
CVE-2010-4270 [MEDIUM] CWE-22 CVE-2010-4270: Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edit
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.ph
nvd
CVE-2008-3498P3HIGHCVSS 7.5PoCv1.2.02008-08-06
CVE-2008-3498 [HIGH] CWE-89 CVE-2008-3498: SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows rem
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
nvd
CVE-2008-7302P3HIGHCVSS 7.5v1.2.02011-10-05
CVE-2008-7302 [HIGH] CWE-89 CVE-2008-7302: SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
nvd
CVE-2012-6514P4MEDIUMCVSS 4.3v2.3.22013-01-24
CVE-2012-6514 [MEDIUM] CWE-79 CVE-2012-6514: Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.
nvd