CVE-2009-4437 in Active Auction Houseinfo

Summary

Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

12/28/2009

Disclosure

12/28/2009

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
51319	Active Web Softwares Active Auction House wishlist.asp sql injection	89	High	Unavailable	CVE-2009-4437

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!