CVE-2006-6090 - Lapidific Energizer
Description
Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.
Reference
http://s-a-p.ca/index.php?page=OurAdvisories&id=35
http://www.securityfocus.com/bid/21111
http://secunia.com/advisories/22943
http://securityreason.com/securityalert/1913
http://www.vupen.com/english/advisories/2006/4579
https://exchange.xforce.ibmcloud.com/vulnerabilities/30343
https://exchange.xforce.ibmcloud.com/vulnerabilities/30342
http://www.securityfocus.com/archive/1/451846/100/100/threaded