CVE-2009-1655 Information

Description

Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.

Reference

http://osvdb.org/54502 http://secunia.com/advisories/35067 http://www.securityfocus.com/bid/34975 https://www.exploit-db.com/exploits/8690