CVE-2009-4437 in Active Auction House
Resumen (Inglés)
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Reservar
2009-12-28
Divulgación
2009-12-28
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 51319 | Active Web Softwares Active Auction House wishlist.asp inyección SQL | 89 | Alto | Unavailable | CVE-2009-4437 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV