CVE-2002-1499 Information

Description

Multiple SQL injection vulnerabilities in FactoSystem CMS allow remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html
http://online.securityfocus.com/archive/1/290021
http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
http://www.iss.net/security_center/static/10000.php
http://www.securityfocus.com/bid/5600
