CVE-2008-5972
CVE-2008-5972 describes an SQL injection in default.asp of Active Business Directory 2, exploitable via the catid parameter to execute arbitrary SQL commands. The cited sources confirm remote exploitation with impacts including potential data access/modification; no explicit remediation is provid...