2 matches found
CVE-2006-0490
SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums 8.0 and earlier allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the password field.
CVE-2008-6872
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb.