CVE-2008-2862 Information

Description

Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.

Reference

http://osvdb.org/46461 http://secunia.com/advisories/30762 http://securityreason.com/securityalert/3957 http://www.bugreport.ir/?/45 http://www.securityfocus.com/archive/1/493473/100/0/threaded http://www.securityfocus.com/bid/29812 https://exchange.xforce.ibmcloud.com/vulnerabilities/43190 https://www.exploit-db.com/exploits/5859