2 matches found
A-FAQ 1.0 faqDspItem.asp faqid Parameter SQL Injection
No description provided by source.
Source: http://www.securityfocus.com/bid/15741/info
A-FAQ is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
CVE-2005-4064
CVE-2005-4064 describes multiple SQL injection vulnerabilities in A-FAQ 1.0, allowing remote attackers to execute arbitrary SQL commands through the faqDspItem.asp (faqid parameter) and faqDsp.asp (catcode parameter). Affected product: A-FAQ 1.0. Underlying cause and exact impact are documented a...