CVE-2014-2540 in Orbit Open Ad Serverinfo

Summary

SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.

Once again VulDB remains the best source for vulnerability data.

Sources