Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| clientexec | clientexec | 2.2.1 |
SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| clientexec | clientexec | 2.3 |