CVE-2010-3404
The CVE concerns eshtery CMS (eshtery.com). The vulnerability is a SQL injection affecting the application in two input paths: (1) the Criteria field tied to catlgsearch.aspx and (2) the user name input on adminlogin.aspx. The root cause is unsafe handling/concatenation of user-supplied data, ena...