Vulnerability Details CVE-2005-4137
SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/17755
- http://securitytracker.com/id?1015334
- http://www.osvdb.org/21180
- http://www.securityfocus.com/archive/1/418851/100/0/threaded
- http://www.securityfocus.com/bid/15766
- http://www.vupen.com/english/advisories/2005/2633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23264
- http://secunia.com/advisories/17755
- http://securitytracker.com/id?1015334
- http://www.osvdb.org/21180
- http://www.securityfocus.com/archive/1/418851/100/0/threaded
- http://www.securityfocus.com/bid/15766
- http://www.vupen.com/english/advisories/2005/2633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23264
Products affected by CVE-2005-4137
-
cpe:2.3:a:fad_solutions:drzes_hms:3.2