Vulnonym.org

CVE-2005-1029 - Androdioecious Wog

Description

Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp; (4) itemID parameter to ItemInfo.asp; or (5) Email field to sendpassword.asp.

Reference

http://digitalparadox.org/advisories/aass.txt
http://www.securityfocus.com/bid/13032
http://www.securityfocus.com/bid/13034
http://www.securityfocus.com/bid/13035
http://www.securitytracker.com/alerts/2005/Apr/1013649.html
http://secunia.com/advisories/14839
http://www.osvdb.org/15281
http://www.osvdb.org/15282
http://www.osvdb.org/15283
http://marc.info/?l=bugtraq&m=111280834000432&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19977