RETIRED: PHP Wares PHP Inventory Multiple SQL Injection Vulnerabilities

Bugtraq ID:	50863
Class:	Input Validation Error
CVE:	CVE-2009-4595 CVE-2009-4596 CVE-2009-4597
Remote:	Yes
Local:	No
Published:	Nov 30 2011 12:00AM
Updated:	Dec 02 2011 11:16PM
Credit:	Stefan Schurtz
Vulnerable:	PHP Wares PHP Inventory 1.3.1
Not Vulnerable:	PHP Wares PHP Inventory 1.3.2

RETIRED: PHP Wares PHP Inventory Multiple SQL Injection Vulnerabilities

PHP Inventory is prone to multiple SQL-injection vulnerabilities.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP Wares PHP Inventory 1.3.1 is vulnerable; other versions may be affected.

Note: This BID is being retired as the issue discussed is already covered in BID 41819 (PHP Wares PHP Inventory Cross-Site Scripting and SQL Injection Vulnerabilities).

PHP Wares PHP Inventory Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues through a browser.

The following example data are available:

http://www.example.com/php-inventory/index.php

// with 'magic_quotes_gpc = Off'

USER NAME = ' or 1=1#

or

USER NAME = admin
PASSWORD = ' or 1=1#

PHP Wares PHP Inventory Multiple SQL Injection Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

PHP Wares PHP Inventory Multiple SQL Injection Vulnerabilities

References:

• PHP Inventory - Homepage (PHP Wares)
  
• PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability ([email protected])