Description
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
Affected products
- activewebsoftwares / active_test2.1 – 2.1
References
- MISChttp://osvdb.org/50407
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/3299
- EXPLOIThttps://www.exploit-db.com/exploits/7295
- MISChttp://www.securityfocus.com/bid/32547
- MISChttp://osvdb.org/50405
- VENDOR_ADVISORYhttp://secunia.com/advisories/32902
- MISChttp://osvdb.org/50406
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/46919