CVE-2009-4436
CVE-2009-4436 describes multiple SQL injection vulnerabilities in Active Web Software’s eWebquiz 8. Attackable vectors are the QuizID parameter passed to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp. The issue allows remote attackers to execute arbitrary SQL commands. These ...