CVE-2009-3148 Information

Description

Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php (2) news.php and (3) links.php; and the (4) assignment_id parameter to assignments.php.

Reference

http://www.exploit-db.com/exploits/9325