CVE-2010-1741

Description

SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter.

Affected products

• billwerx / billwerx_rc5.2.2 – 5.2.2

References

• MISChttp://www.securityfocus.com/bid/39867
• EXPLOIThttp://packetstormsecurity.org/1005-exploits/billwerx-sql.txt
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/58278