Back to search
CVE-2009-4437
Published: Dec 28, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
activeauctionhouse-links-sql-injection(54891)
vdb-entry
x_refsource_XF
37401
vdb-entry
x_refsource_BID
10520
exploit
x_refsource_EXPLOIT-DB
14839
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now