CVE-2009-0429 Information

Description

Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp (2) SortDir parameter to auctionsended.asp and the (3) catid parameter to wishlist.php.

Reference

http://www.securityfocus.com/archive/1/500144/100/0/threaded http://www.securityfocus.com/bid/33306