CVE-2011-3688 Information

Description

Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp.

Reference

http://securityreason.com/securityalert/8401 http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html