CyberSec.Space Logo
Back to CVE Browser

CVE-2006-3010

HIGH
7.5
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile30.24th
PublishedJun 13, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameter to company/company_index.php.

Affected Platforms (CPE)

πŸ“¦
Aliacom

Open Business Management

= 1.0.3_pl1

References & Advisories

πŸ”— http://pridels0.blogspot.com/2006/06/obm-multiple-sql-inj-and-xss-vuln.html
πŸ”— http://secunia.com/advisories/20486
πŸ”— http://www.osvdb.org/26203
πŸ”— http://www.osvdb.org/26204
πŸ”— http://www.osvdb.org/26205
πŸ”— http://www.osvdb.org/26206
πŸ”— http://www.osvdb.org/26207
πŸ”— http://www.securityfocus.com/bid/18348

Related Vulnerabilities

CVE-2007-231610.0

Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an un...

CVE-2008-13909.3

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x b...

CVE-2011-15999.0

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17...

CVE-2012-24146.5

main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10...