NVD

Id
61773  
Name
CVE-2006-3090  
Description
Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_pays parameter in (a) /pays/modifier_pays.php; (2) id_produit, (3) quantite, (4) prix_ht, and (5) date parameter in (b) /stocks/ajouter.php; (6) id_cat parameter in (c) /produits/modifier_cat.php; (7) id_client parameter in (d) /clients/modifier_client.php; (8) id_remise parameter in (e) /remises/index.php; (9) id_taux parameter in (f) /tva/index.php; (10) ref_produit, and (11) id_stock parameter in (g) /stocks/index.php; (12) id_pays parameter in (h) /pays/index.php; and (13) id_cat parameter in (i) /produits/index.php.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2016-12-20  
Published
2006-06-19  
Modified Date
2008-09-05  
Seq
2006-3090  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
319777 61773 CVE-2006-3090 1111  View
319778 61773 CVE-2006-3090 http://www.acid-root.new.fr/advisories/phpmyfactures.txt  View
319779 61773 CVE-2006-3090 20060610 PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others  View
319780 61773 CVE-2006-3090 phpmyfactures-multiple-scripts-sql-injection(27209)  View

Related JVN