CVE-2009-4437 Information

Description

Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.

Reference

http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt
http://secunia.com/advisories/14839
http://www.exploit-db.com/exploits/10520
http://www.securityfocus.com/bid/37401
https://exchange.xforce.ibmcloud.com/vulnerabilities/54891
