CVE-2006-2887 Information

Description

Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.

Reference

http://secunia.com/advisories/20423 http://securityreason.com/securityalert/1054 http://securitytracker.com/id?1016229 http://www.kapda.ir/advisory-340.html http://www.osvdb.org/26127 http://www.osvdb.org/26274 http://www.securityfocus.com/archive/1/436018/100/0/threaded http://www.securityfocus.com/bid/18287 http://www.vupen.com/english/advisories/2006/2149 https://exchange.xforce.ibmcloud.com/vulnerabilities/26947