2 matches found
CVE-2008-5595
The CVE-2008-5595 entry describes a SQL injection vulnerability in detail.asp of the ASP AutoDealer application. The flaw allows remote attackers to execute arbitrary SQL commands by supplying a crafted ID parameter, enabling access or manipulation of the underlying database as described in the v...
CVE-2008-5608
CVE-2008-5608 affects ASP AutoDealer where sensitive data is stored under the web root and is not properly access-controlled. The underlying issue is direct access to the web-root file auto.mdb, enabling remote attackers to download the database file via a direct request. The available connected ...