CVE-2005-4137 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Fad Solutions	Drzes Hms	3.2

References

http://secunia.com/advisories/17755
http://securitytracker.com/id?1015334
http://www.osvdb.org/21180
http://www.securityfocus.com/archive/1/418851/100/0/threaded
http://www.securityfocus.com/bid/15766Exploit
http://www.vupen.com/english/advisories/2005/2633
https://exchange.xforce.ibmcloud.com/vulnerabilities/23264
http://secunia.com/advisories/17755
http://securitytracker.com/id?1015334
http://www.osvdb.org/21180
http://www.securityfocus.com/archive/1/418851/100/0/threaded
http://www.securityfocus.com/bid/15766Exploit
http://www.vupen.com/english/advisories/2005/2633
https://exchange.xforce.ibmcloud.com/vulnerabilities/23264

FAQ

What is CVE-2005-4137?

CVE-2005-4137 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.

How severe is CVE-2005-4137?

CVE-2005-4137 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-4137?

Check the references section above for vendor advisories and patch information. Affected products include: Fad Solutions Drzes Hms.