CVE-2005-4630 Information

Description

SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid (2) billdetailid (3) fuse and (4) frmClientID parameters.

Reference

http://pridels0.blogspot.com/2005/11/clientexec-2x-multiple-sql-inj.html http://secunia.com/advisories/17756 http://www.ce-talk.com/showthread.php?t=653 http://www.clientexec.com/forum/showthread.php?t=8006 http://www.osvdb.org/21163 http://www.vupen.com/english/advisories/2005/2628 https://exchange.xforce.ibmcloud.com/vulnerabilities/23271