Security Advisories | Entries from Wednesday, December 7. 2011

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

INFOSERVE-ADV2011-08 - PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability

Posted by Stefan Schurtz on Wednesday, December 7. 2011

Advisory:	PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Advisory ID:	INFOSERVE-ADV2011-08
Author:	Stefan Schurtz
Contact:	security@infoserve.de
Affected Software:	Successfully tested on PHP Inventory 1.3.1
Vendor URL:	http://www.phpwares.com/
Vendor Status:	fixed
CVE-ID:	CVE-2009-4595,CVE-2009-4596,CVE-2009-4597

======================
Vulnerability Description
======================

PHP Inventory is (still) prone to a SQL-Injection (Auth Bypass) vulnerability

Continue reading "INFOSERVE-ADV2011-08 - PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability"

Sidebar

Calendar

Werbung

Exploit-DB updates by Offensive Security

[webapps] Flowise 1.6.5 - Authentication Bypass

Sunday, April 21. 2024

[webapps] Laravel Framework 11 - Credential Leakage

Sunday, April 21. 2024

[webapps] SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)

Sunday, April 21. 2024

[webapps] Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution

Sunday, April 21. 2024

[webapps] FlatPress v1.3 - Remote Command Execution

Sunday, April 21. 2024

OpenBSD Journal

Game of Trees 0.98 released

Wednesday, April 24. 2024

pfctl(8) and systat(8) to display fragment reassembly statistics

Tuesday, April 23. 2024

Coming soon to a -current system near you: parallel raw IP input

Thursday, April 18. 2024

In -current, default write format for tar(1) changed to "pax"

Wednesday, April 17. 2024

OpenSMTPD 7.5.0p0 Released

Wednesday, April 10. 2024

20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09)

Tuesday, April 9. 2024

OpenBSD 7.5 released

Friday, April 5. 2024

LibreSSL 3.8.4 and 3.9.1 released

Thursday, March 28. 2024

OpenSSH 9.7/9.7p1 released!

Tuesday, March 12. 2024

Archives

Blog Administration

Open login screen

Imprint | Contact | Privacy Statement

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170