CVE-2005-4137 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2005-4137

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.

Affected Software

Name	Vendor	Start Version	End Version
Drzes_hms	Fad_solutions	3.2 (including)	3.2 (including)

References

http://secunia.com/advisories/17755
http://securitytracker.com/id?1015334
http://www.osvdb.org/21180
http://www.securityfocus.com/archive/1/418851/100/0/threaded
http://www.securityfocus.com/bid/15766
http://www.vupen.com/english/advisories/2005/2633
https://exchange.xforce.ibmcloud.com/vulnerabilities/23264
http://secunia.com/advisories/17755
http://securitytracker.com/id?1015334
http://www.osvdb.org/21180
http://www.securityfocus.com/archive/1/418851/100/0/threaded
http://www.securityfocus.com/bid/15766
http://www.vupen.com/english/advisories/2005/2633
https://exchange.xforce.ibmcloud.com/vulnerabilities/23264