2 matches found
CVE-2006-6831
CVE-2006-6831 describes an SQL injection in the FAQ software: “faqDsp.asp” in aFAQ 1.0 . The vulnerability is triggered by the catcode parameter, enabling a remote attacker to execute arbitrary SQL commands. According to the provided metrics, the CVSS v2 base score is 7.5 (HIGH) with network acce...
CVE-2005-4064
CVE-2005-4064 describes multiple SQL injection vulnerabilities in A-FAQ 1.0, allowing remote attackers to execute arbitrary SQL commands through the faqDspItem.asp (faqid parameter) and faqDsp.asp (catcode parameter). Affected product: A-FAQ 1.0. Underlying cause and exact impact are documented a...