CVE-2009-4437
CVE-2009-4437 affects Active Auction House 3.6. It has multiple SQL injection vulnerabilities allowing remote attackers to execute arbitrary SQL via the catid parameter to wishlist.asp and the linkid parameter to links.asp (vector 1 may overlap CVE-2005-1029). The description notes the issue is i...