2 matches found
CVE-2008-5892
CVE-2008-5892 involves multiple SQL injection vulnerabilities in ClickAndEmail. The issues allow remote attackers to execute arbitrary SQL commands through (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (the USERNAME field in admi...
CVE-2008-5893
CVE-2008-5893 is a cross-site scripting (XSS) vulnerability in ClickAndEmail, specifically in admin_dblayers.asp. The issue arises in the update action through the tablename parameter, allowing remote attackers to inject arbitrary web script or HTML. Documented impact indicates client-side execut...