QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4672

Published: Dec 2, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

validtinyerp-searchfield-sql-injection(71402)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

20111119 Valid tiny-erp <= 1.6 SQL Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

20111119 Valid tiny-erp <= 1.6 SQL Injection Vulnerability

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.