CVE-2009-4198

Publication date

2009-12-04 19:00:00

Family

mitre

State

PUBLISHED

Description

SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action.