CVE-2005-2062 Information

Description

Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) the Administrator ID field in admin.asp, the E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or the Keyword field in search.asp.

Reference

http://echo.or.id/adv/adv21-theday-2005.txt
http://marc.info/?l=bugtraq&m=111963341429906&w=2
http://www.securityfocus.com/bid/23110
http://www.vupen.com/english/advisories/2007/1096
https://exchange.xforce.ibmcloud.com/vulnerabilities/33183
https://www.exploit-db.com/exploits/3550
