CVE-2006-3092 Information
Description
PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php (2) /remises/ajouter_remise.php (3) /pays/ajouter_pays.php (4) /pays/modifier_pays.php (5) /produits/ajouter_cat.php (6) /produits/ajouter_produit.php (7) /clients/ajouter_client.php (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
Reference
http://secunia.com/advisories/20642 http://securityreason.com/securityalert/1111 http://www.acid-root.new.fr/advisories/phpmyfactures.txt http://www.osvdb.org/26477 http://www.securityfocus.com/archive/1/437025/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27206
Share on: