CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-3010

HIGH
7.5
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile30.24th
Published2006年6月13日
Last Modified2026年4月16日

Vulnerability Description

Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameter to company/company_index.php.

Affected Platforms (CPE)

📦
Aliacom

Open Business Management

= 1.0.3_pl1

References & Advisories

🔗 http://pridels0.blogspot.com/2006/06/obm-multiple-sql-inj-and-xss-vuln.html
🔗 http://secunia.com/advisories/20486
🔗 http://www.osvdb.org/26203
🔗 http://www.osvdb.org/26204
🔗 http://www.osvdb.org/26205
🔗 http://www.osvdb.org/26206
🔗 http://www.osvdb.org/26207
🔗 http://www.securityfocus.com/bid/18348

相關漏洞威脅

CVE-2007-231610.0

Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an un...

CVE-2008-13909.3

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x b...

CVE-2011-15999.0

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17...

CVE-2012-24146.5

main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10...