CVE-2011-0510

Description

SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action.

Affected products

• awbs / advanced_webhost_billing_system2.9.2
• awbs / advanced_webhost_billing_system2.0 – 2.0
• awbs / advanced_webhost_billing_system2.0.1 – 2.0.1
• awbs / advanced_webhost_billing_system2.0.2 – 2.0.2
• awbs / advanced_webhost_billing_system2.0.3 – 2.0.3
• awbs / advanced_webhost_billing_system2.0.4 – 2.0.4
• awbs / advanced_webhost_billing_system2.0.5 – 2.0.5
• awbs / advanced_webhost_billing_system2.0.6 – 2.0.6
• awbs / advanced_webhost_billing_system2.1.0 – 2.1.0
• awbs / advanced_webhost_billing_system2.1.1 – 2.1.1
• awbs / advanced_webhost_billing_system2.1.2 – 2.1.2
• awbs / advanced_webhost_billing_system2.2.0 – 2.2.0
• awbs / advanced_webhost_billing_system2.2.1 – 2.2.1
• awbs / advanced_webhost_billing_system2.2.2 – 2.2.2
• awbs / advanced_webhost_billing_system2.2.3 – 2.2.3
• awbs / advanced_webhost_billing_system2.3.0 – 2.3.0
• awbs / advanced_webhost_billing_system2.3.1 – 2.3.1
• awbs / advanced_webhost_billing_system2.3.2 – 2.3.2
• awbs / advanced_webhost_billing_system2.3.3 – 2.3.3
• awbs / advanced_webhost_billing_system2.4.0 – 2.4.0
• awbs / advanced_webhost_billing_system2.4.1 – 2.4.1
• awbs / advanced_webhost_billing_system2.5 – 2.5
• awbs / advanced_webhost_billing_system2.5.0 – 2.5.0
• awbs / advanced_webhost_billing_system2.5.1 – 2.5.1
• awbs / advanced_webhost_billing_system2.6.0 – 2.6.0
• awbs / advanced_webhost_billing_system2.6.1 – 2.6.1
• awbs / advanced_webhost_billing_system2.6.2 – 2.6.2
• awbs / advanced_webhost_billing_system2.6.3 – 2.6.3
• awbs / advanced_webhost_billing_system2.7 – 2.7
• awbs / advanced_webhost_billing_system2.7.0 – 2.7.0
• awbs / advanced_webhost_billing_system2.7.1 – 2.7.1
• awbs / advanced_webhost_billing_system2.7.2 – 2.7.2
• awbs / advanced_webhost_billing_system2.7.3 – 2.7.3
• awbs / advanced_webhost_billing_system2.7.4 – 2.7.4
• awbs / advanced_webhost_billing_system2.7.5 – 2.7.5
• awbs / advanced_webhost_billing_system2.8.0 – 2.8.0
• awbs / advanced_webhost_billing_system2.8.1 – 2.8.1
• awbs / advanced_webhost_billing_system2.8.2 – 2.8.2
• awbs / advanced_webhost_billing_system2.8.3 – 2.8.3
• awbs / advanced_webhost_billing_system2.8.4 – 2.8.4
• awbs / advanced_webhost_billing_system2.8.5 – 2.8.5
• awbs / advanced_webhost_billing_system2.9.0 – 2.9.0
• awbs / advanced_webhost_billing_system2.9.1 – 2.9.1

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/64726
• EXPLOIThttp://www.exploit-db.com/exploits/16003
• VENDOR_ADVISORYhttp://secunia.com/advisories/42944