CVE-2009-4437 in Active Auction House
Сводка (Английский)
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Резервировать
28.12.2009
Раскрытие
28.12.2009
Статус
Подтверждённый
Записи
VulDB provides additional information and datapoints for this CVE:
| ИД | Уязвимость | CWE | Экс | Кон | CVE |
|---|---|---|---|---|---|
| 51319 | Active Web Softwares Active Auction House wishlist.asp SQL-инъекция | 89 | Высокий | Unavailable | CVE-2009-4437 |