CVE-2011-4672 Information
Feb 14, 2021
cve
Description
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php (2) proioncategory_list.php (3) _rantevou_list.php (4) syncategory_list.php (5) synallasomenos_list.php (6) ypelaton_list.php and (7) yproion_list.php.
Reference
http://seclists.org/fulldisclosure/2011/Nov/303 http://www.exploit-db.com/exploits/18128 http://www.securityfocus.com/archive/1/520572/100/0/threaded http://www.securityfocus.com/bid/50732 https://exchange.xforce.ibmcloud.com/vulnerabilities/71402
Share on: