CVE-2006-5927

Description

SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter.

Affected products

• asp_scripter / easy_portal1.4 – 1.4
• asp_scripter / live_support1.3 – 1.3

References

• MISChttp://securityreason.com/securityalert/1874
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/4499
• MISChttp://www.securityfocus.com/bid/21031
• MISChttp://www.securityfocus.com/archive/1/451370/100/0/threaded
• VENDOR_ADVISORYhttp://secunia.com/advisories/22856