CVE-2010-0710

ASPCode CMS contains an SQL injection in default.asp affecting versions 1.5.8 and 2.0.0 Build 103 (and possibly others). The vulnerability occurs when the newsid parameter is supplied and the sec parameter equals 26, allowing remote attackers to execute arbitrary SQL commands. The available sourc...

CVE-2010-0711

The CVE-2010-0711 entry affects ASPCode CMS versions 1.5.8 and 2.0.0 Build 103 (and possibly others). The issue is a Cross-site Request Forgery (CSRF) in default.asp that enables remote attackers to hijack an administrator’s session for actions triggered via the ma2 parameter, specifically (1) de...