CVSS: 9.8EPSS: 0%CPEs: 43EXPL: 2CVE-2011-0510 – AWBS 2.9.2 - 'cart.php' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2011-0510
20 Jan 2011 — SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action. Vulnerabilidad de inyección SQL en cart.php en Advanced Webhost Billing System (AWBS) v.2.9.2 y posiblemente versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro oid en un acción add_other • https://www.exploit-db.com/exploits/16003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4113
https://notcve.org/view.php?id=CVE-2007-4113
31 Jul 2007 — Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors. Vulnerabilidad no especificada en Advanced Webhost Billing System (AWBS) anterior a 2.6.0 permite permite a usuarios autenticados remotamente obtener datos de configuración sobre otros servidores dedicados a través de vectores no especificados. • http://osvdb.org/38690 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4112
https://notcve.org/view.php?id=CVE-2007-4112
31 Jul 2007 — Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation." Múltiples vulnerabilidades de inyección SQL en Advanced Webhost Billing Syste (AWBS) anterior a 2.6.0, cuando magic_quotes_gpc está deshabilitado, permiten a atacantes remotos ejecutar comandos SQL de su elec... • http://osvdb.org/37257 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3956
https://notcve.org/view.php?id=CVE-2006-3956
01 Aug 2006 — Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en contact.php en Advanced Webhost Billing System (AWBS) 2.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) Name, (2) AccountUsername ... • http://secunia.com/advisories/21296 •