QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3076

Published: Oct 12, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20100905 CVE request: smbind Sql Injection

mailing-list

x_refsource_MLIST

http://sourceforge.net/projects/smbind/files/smbind/0.4.8/smbind-0.4.8.tar.bz2/download

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

http://packetstormsecurity.org/1009-exploits/smbind-sql.txt

x_refsource_MISC

[oss-security] 20100907 Re: CVE request: smbind Sql Injection

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.