2 matches found
CVE-2009-4464
CVE-2009-4464 : Cross-site scripting (XSS) in Active Business Directory 2, via searchadvance.asp, allows remote attackers to inject arbitrary web script/HTML through the search parameter. The vulnerability arises from insufficient sanitization of user input, enabling stored/reflective-like effect...
CVE-2008-5972
CVE-2008-5972 describes an SQL injection in default.asp of Active Business Directory 2, exploitable via the catid parameter to execute arbitrary SQL commands. The cited sources confirm remote exploitation with impacts including potential data access/modification; no explicit remediation is provid...