CVE-2006-5450 Information

Description

SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.

Reference

http://secunia.com/advisories/22493 http://securityreason.com/securityalert/1757 http://www.osvdb.org/29901 http://www.securityfocus.com/archive/1/449227/100/0/threaded http://www.securityfocus.com/bid/20607 http://www.vupen.com/english/advisories/2006/4130 https://exchange.xforce.ibmcloud.com/vulnerabilities/29683