SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action.

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
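
The difference between input that becomes SQL text and input that is bound as data, shown as an added example that is not AWBS source code and not part of the original advisory. The `other_items` table, its columns and both lookup functions are hypothetical; only the parameter name `oid` comes from the advisory. It uses PDO with an in-memory SQLite database so it runs offline.

```php
<?php
declare(strict_types=1);
// Added example. Table, columns and function names are hypothetical, not AWBS code.

function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE other_items (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)');
    // Constructed sample rows.
    $pdo->exec("INSERT INTO other_items VALUES (1, 'SSL certificate', 'public'),
                                               (2, 'Reseller discount', 'staff-only')");
    return $pdo;
}

// Vulnerable pattern (CWE-89): the request value becomes part of the SQL text.
function lookupConcatenated(PDO $pdo, string $oid): array
{
    $sql = "SELECT id, name FROM other_items WHERE owner = 'public' AND id = " . $oid;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the type first, then bind the value as data.
function lookupBound(PDO $pdo, string $oid): array
{
    $id = filter_var($oid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('oid must be a positive integer');
    }
    $stmt = $pdo->prepare("SELECT id, name FROM other_items WHERE owner = 'public' AND id = :oid");
    $stmt->bindValue(':oid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demoDb();
$wellFormed = '1';
$malformed  = '1 OR 1=1';   // constructed input carrying SQL syntax

printf("concatenated, well-formed: %d row(s)\n", count(lookupConcatenated($pdo, $wellFormed)));
printf("concatenated, malformed:   %d row(s)\n", count(lookupConcatenated($pdo, $malformed)));
printf("bound, well-formed:        %d row(s)\n", count(lookupBound($pdo, $wellFormed)));
try {
    lookupBound($pdo, $malformed);
} catch (InvalidArgumentException $e) {
    printf("bound, malformed:          rejected (%s)\n", $e->getMessage());
}
```

In the concatenated query the malformed value changes the `WHERE` clause itself, so the `owner = 'public'` restriction no longer limits the result; in the bound query the same value never reaches the SQL parser.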

Name | Vendor | Start Version | End Version |
---|---|---|---|
Advanced_webhost_billing_system | Awbs | * | 2.9.2 (including) |
Advanced_webhost_billing_system | Awbs | 2.0 (including) | 2.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.0.1 (including) | 2.0.1 (including) |
Advanced_webhost_billing_system | Awbs | 2.0.2 (including) | 2.0.2 (including) |
Advanced_webhost_billing_system | Awbs | 2.0.3 (including) | 2.0.3 (including) |
Advanced_webhost_billing_system | Awbs | 2.0.4 (including) | 2.0.4 (including) |
Advanced_webhost_billing_system | Awbs | 2.0.5 (including) | 2.0.5 (including) |
Advanced_webhost_billing_system | Awbs | 2.0.6 (including) | 2.0.6 (including) |
Advanced_webhost_billing_system | Awbs | 2.1.0 (including) | 2.1.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.1.1 (including) | 2.1.1 (including) |
Advanced_webhost_billing_system | Awbs | 2.1.2 (including) | 2.1.2 (including) |
Advanced_webhost_billing_system | Awbs | 2.2.0 (including) | 2.2.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.2.1 (including) | 2.2.1 (including) |
Advanced_webhost_billing_system | Awbs | 2.2.2 (including) | 2.2.2 (including) |
Advanced_webhost_billing_system | Awbs | 2.2.3 (including) | 2.2.3 (including) |
Advanced_webhost_billing_system | Awbs | 2.3.0 (including) | 2.3.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.3.1 (including) | 2.3.1 (including) |
Advanced_webhost_billing_system | Awbs | 2.3.2 (including) | 2.3.2 (including) |
Advanced_webhost_billing_system | Awbs | 2.3.3 (including) | 2.3.3 (including) |
Advanced_webhost_billing_system | Awbs | 2.4.0 (including) | 2.4.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.4.1 (including) | 2.4.1 (including) |
Advanced_webhost_billing_system | Awbs | 2.5 (including) | 2.5 (including) |
Advanced_webhost_billing_system | Awbs | 2.5.0 (including) | 2.5.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.5.1 (including) | 2.5.1 (including) |
Advanced_webhost_billing_system | Awbs | 2.6.0 (including) | 2.6.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.6.1 (including) | 2.6.1 (including) |
Advanced_webhost_billing_system | Awbs | 2.6.2 (including) | 2.6.2 (including) |
Advanced_webhost_billing_system | Awbs | 2.6.3 (including) | 2.6.3 (including) |
Advanced_webhost_billing_system | Awbs | 2.7 (including) | 2.7 (including) |
Advanced_webhost_billing_system | Awbs | 2.7.0 (including) | 2.7.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.7.1 (including) | 2.7.1 (including) |
Advanced_webhost_billing_system | Awbs | 2.7.2 (including) | 2.7.2 (including) |
Advanced_webhost_billing_system | Awbs | 2.7.3 (including) | 2.7.3 (including) |
Advanced_webhost_billing_system | Awbs | 2.7.4 (including) | 2.7.4 (including) |
Advanced_webhost_billing_system | Awbs | 2.7.5 (including) | 2.7.5 (including) |
Advanced_webhost_billing_system | Awbs | 2.8.0 (including) | 2.8.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.8.1 (including) | 2.8.1 (including) |
Advanced_webhost_billing_system | Awbs | 2.8.2 (including) | 2.8.2 (including) |
Advanced_webhost_billing_system | Awbs | 2.8.3 (including) | 2.8.3 (including) |
Advanced_webhost_billing_system | Awbs | 2.8.4 (including) | 2.8.4 (including) |
Advanced_webhost_billing_system | Awbs | 2.8.5 (including) | 2.8.5 (including) |
Advanced_webhost_billing_system | Awbs | 2.9.0 (including) | 2.9.0 (including) |
Advanced_webhost_billing_system | Awbs | 2.9.1 (including) | 2.9.1 (including) |