CVE-2006-6152 Information

Description

Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp or the (2) keyword (3) order (4) sort (5) menuSelect or (6) state parameter to (b) search.asp.

Reference

http://s-a-p.ca/index.php?page=OurAdvisories&id=47 http://secunia.com/advisories/22987 http://securityreason.com/securityalert/1926 http://securitytracker.com/id?1017259 http://www.securityfocus.com/archive/1/452179/100/100/threaded http://www.securityfocus.com/bid/21190 https://exchange.xforce.ibmcloud.com/vulnerabilities/30444