CVE-2008-5958 Information

Description

Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp (2) importquestions.asp and (3) quiztakers.asp.

Reference

http://osvdb.org/50405 http://osvdb.org/50406 http://osvdb.org/50407 http://secunia.com/advisories/32902 http://www.securityfocus.com/bid/32547 http://www.vupen.com/english/advisories/2008/3299 https://exchange.xforce.ibmcloud.com/vulnerabilities/46919 https://www.exploit-db.com/exploits/7295