CVE-2006-2954
CVE-2006-2954 affects OfficeFlow 2.6 and earlier, where a SQL injection vulnerability exists in files.asp that allows remote attackers to execute arbitrary SQL commands via the Project parameter. The publicly available documents confirm the vulnerable component (files.asp) and the injection vecto...