CVE-2006-2504 Information

Description

Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp and the (3) id and cate parameters to (b) admin_ok.asp.

Reference

http://secunia.com/advisories/20112 http://securityreason.com/securityalert/928 http://user.chol.com/~jyj9782/sec/azboard_advisory.txt http://www.osvdb.org/25527 http://www.osvdb.org/25528 http://www.securityfocus.com/archive/1/434010/100/0/threaded http://www.securityfocus.com/bid/17990 http://www.vupen.com/english/advisories/2006/1827 https://exchange.xforce.ibmcloud.com/vulnerabilities/26495