CVE-2006-1853 Information

Description

Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php or (2) where and (3) order parameters to (b) admin.php.

Reference

http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html http://secunia.com/advisories/19641 http://www.securityfocus.com/bid/17596 http://www.vupen.com/english/advisories/2006/1415 https://exchange.xforce.ibmcloud.com/vulnerabilities/25926