CVE-2006-0184 Information

Description

Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0351.html http://secunia.com/advisories/18408 http://www.exploitlabs.com/files/advisories/EXPL-A-2006-001-asptopsites.txt http://www.osvdb.org/22330 http://www.vupen.com/english/advisories/2006/0146 https://exchange.xforce.ibmcloud.com/vulnerabilities/24072