CVE-2008-5605

Description

Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.

Affected products

• aspapps / aspportal_nil_ – _nil_

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/47127
• MISChttp://www.securityfocus.com/bid/32662
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/47268
• MISChttp://securityreason.com/securityalert/4763
• EXPLOIThttps://www.exploit-db.com/exploits/7357