MidnightBSD

Advisories for blentz

CVE-2010-3076 HIGH

The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
blentz smbind 0.3.1
blentz smbind 0.4.6
blentz smbind *
blentz smbind 0.2
blentz smbind 0.4.3
blentz smbind 0.4.5
blentz smbind 0.2.1
blentz smbind 0.4.1
blentz smbind 0.4
blentz smbind 0.4.4
blentz smbind 0.4.2