CVE-2009-4155 Information

Description

Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid (4) id (5) secText (6) client-ip and (7) G_id parameters to more-f.asp; (8) sitebid (9) id (10) ma_id (11) mi_id (12) secText (13) client-ip and (14) G_id parameters to selectintro.asp; (15) sitebid (16) secText (17) adv_code and (18) client-ip parameters to advcount.asp; (19) sitebid (20) secText (21) Grp_Code (22) _method and (23) client-ip parameters to advview.asp; and (24) sitebid (25) secText (26) newsId and (27) client-ip parameters to dis_new-f.asp.

Reference

http://www.securityfocus.com/archive/1/508137/100/0/threaded