Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.

References

• https://nvd.nist.gov/vuln/detail/CVE-2013-7189
• https://exchange.xforce.ibmcloud.com/vulnerabilities/89816
• http://osvdb.org/101049
• http://osvdb.org/101050
• http://osvdb.org/101051
• http://osvdb.org/101053
• http://seclists.org/fulldisclosure/2013/Dec/121