2 matches found
CVE-2008-5562
CVE-2008-5562 : ASPPortal has insufficient access control that exposes the web root, allowing remote attackers to download the database file by requesting xportal.mdb directly. Public references indicate this is a straightforward local-file exposure rather than a remote-code execution flaw. The c...
CVE-2008-5605
CVE-2008-5605 concerns multiple SQL injection vulnerabilities in the ASP Portal. The affected components are the pages involved in classifieds.asp (ItemID parameter) and Events.asp (ID parameter). The underlying issue is that user-supplied input is used in SQL without proper validation or paramet...