CVE-2006-5450 - Trickier Teeth
Description
SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.
Reference
http://www.securityfocus.com/bid/20607 http://secunia.com/advisories/22493 http://www.osvdb.org/29901 http://securityreason.com/securityalert/1757 http://www.vupen.com/english/advisories/2006/4130 https://exchange.xforce.ibmcloud.com/vulnerabilities/29683 http://www.securityfocus.com/archive/1/449227/100/0/threaded