3 matches found
CVE-2008-5638
CVE-2008-5638 : Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the ProductID parameter to reviews.aspx or the linkid parameter to links.asp. The issue is evidenced by multiple sources (NVD entry and Exploit-DB listi...
CVE-2008-5975
CVE-2008-5975 describes a SQL injection in Active Price Comparison 4.0, specifically in links.asp, exploitable via the linkid parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. Several connected sources corroborate the issue, including NVD/NVD mirrors and Expl...
CVE-2008-5974
CVE-2008-5974 affects Active Price Comparison 4.0, where the login.aspx page is vulnerable to SQL injection via the (1) username and (2) password fields. The root cause is improper handling of user input in the login form, allowing remote attackers to execute arbitrary SQL commands. The available...