Vulnonym.org

CVE-2008-2862 - Diamantine Reliabilities

Description

Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.

Reference

http://www.bugreport.ir/?/45
http://www.securityfocus.com/bid/29812
http://secunia.com/advisories/30762
http://securityreason.com/securityalert/3957
http://osvdb.org/46461
https://exchange.xforce.ibmcloud.com/vulnerabilities/43190
https://www.exploit-db.com/exploits/5859
http://www.securityfocus.com/archive/1/493473/100/0/threaded