CVE-2006-1920 Information

Description

SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php (2) customer.inc.php and (3) project.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Reference

http://secunia.com/advisories/19685 http://www.osvdb.org/24780 http://www.osvdb.org/24781 http://www.osvdb.org/24782 http://www.securityfocus.com/bid/17599 http://www.vupen.com/english/advisories/2006/1416 https://exchange.xforce.ibmcloud.com/vulnerabilities/25877