CVE-2006-4852
CVE-2006-4852 describes a SQL injection vulnerability in QuadComm Q-Shop 3.5, specifically in the browse.asp module where the OrderBy parameter can be abused to execute arbitrary SQL commands. Affected software: QuadComm Q-Shop 3.5 (browse.asp). Underlying cause: improper handling of the OrderBy ...