Unrated severityNVD Advisory· Published Jul 31, 2007· Updated Apr 23, 2026

CVE-2007-4112

Description

Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."

Affected products

Advanced Webhost Billing System/Advanced Webhost Billing System
cpe:2.3:a:advanced_webhost_billing_system:advanced_webhost_billing_system:*:*:*:*:*:*:*:*
Range: <=2.5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26214nvdExploitVendor Advisory
www.securityfocus.com/bid/25089nvdExploit
osvdb.org/37257nvd
www.justinsamuel.com/2007/06/10/awbs-magic_quotes_gpc-off-sql-injection-and-xss-vulnerabilities/nvd
exchange.xforce.ibmcloud.com/vulnerabilities/46160nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000