INFOSERVE-ADV2011-08 - PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Advisory:
|
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
|
Advisory ID:
|
INFOSERVE-ADV2011-08
|
Author:
|
Stefan Schurtz
|
Contact:
|
|
Affected Software:
|
Successfully tested on PHP Inventory 1.3.1
|
Vendor URL:
|
|
Vendor Status:
|
fixed
|
CVE-ID:
|
CVE-2009-4595,CVE-2009-4596,CVE-2009-4597
|
======================
Vulnerability Description
======================
Vulnerability Description
======================
PHP Inventory is (still) prone to a SQL-Injection (Auth Bypass) vulnerability