2 matches found
CVE-2006-2499
SQL injection vulnerability in default.asp in CodeAvalanche News CANews 1.2 allows remote attackers to execute arbitrary SQL commands via the password field...
CVE-2006-2499
CVE-2006-2499 affects CodeAvalanche News (CANews) 1.2, where a SQL injection in default.asp via the password field allows remote execution of arbitrary SQL. The linked data list a CVSSv2 base score of 7.5 (HIGH) with NETWORK attack vector, LOW access complexity, and no authentication required, yi...