CVE-2006-6090 Information

Description

Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp the (2) name or (3) password parameter to (b) userlogin.asp or the (3) search parameter to search.asp.

Reference

http://s-a-p.ca/index.php?page=OurAdvisories&id=35 http://secunia.com/advisories/22943 http://securityreason.com/securityalert/1913 http://www.securityfocus.com/archive/1/451846/100/100/threaded http://www.securityfocus.com/bid/21111 http://www.vupen.com/english/advisories/2006/4579 https://exchange.xforce.ibmcloud.com/vulnerabilities/30342 https://exchange.xforce.ibmcloud.com/vulnerabilities/30343