CVE-2013-7189 Information

Description

Multiple SQL injection vulnerabilities in iScripts AutoHoster possibly 2.4 allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php (2) checktransferstatusbck.php or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.

Reference

http://osvdb.org/101049 http://osvdb.org/101050 http://osvdb.org/101051 http://osvdb.org/101053 http://seclists.org/fulldisclosure/2013/Dec/121 https://exchange.xforce.ibmcloud.com/vulnerabilities/89816