NotCVE - vendor:"Netshinesoftware" product:"Com Netinvoice" version:" <= 2.0.10"

3 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-7302

https://notcve.org/view.php?id=CVE-2008-7302

05 Oct 2011 — SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file." Vulnerabilidad de inyección SQL en netinvoice.php del componente nBill (com_netinvoice) 1.2.0 SP1 de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores sin especificar que involucran el "conocimiento de ... el cont... • http://www.nbill.co.uk/forum-smf/index.php/topic%2C716.0.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2010-4270

https://notcve.org/view.php?id=CVE-2010-4270

16 Nov 2010 — Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 201... • http://osvdb.org/69066 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2008-3498 – Joomla! Component netinvoice 1.2.0 SP1 - SQL Injection

https://notcve.org/view.php?id=CVE-2008-3498

06 Aug 2008 — SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente nBill (com_netinvoice) 1.2.0 SP1 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cid en una acción orders de index.php. • https://www.exploit-db.com/exploits/5939 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •