Unrated severityNVD Advisory· Published Jul 31, 2007· Updated Jun 16, 2026
CVE-2007-4112
CVE-2007-4112
Description
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."
Affected products
3cpe:2.3:a:advanced_webhost_billing_system:advanced_webhost_billing_system:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:advanced_webhost_billing_system:advanced_webhost_billing_system:*:*:*:*:*:*:*:*range: <=2.5.1
- (no CPE)range: <2.6.0
- Range: <2.6.0
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.