• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities

Multiple ActiveWebSoftwares products are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are vulnerable:

ActiveVotes 2.2
Active Force Matrix 2
Active Trade 2
Active Price Comparison 4
Active Test 2.1
eWebQuiz 8
Active Newsletter 4.3
Active Web Mail 4
Active Websurvey 9.1
Active Membership 2
Active Web Helpdesk 2
Active Photo Gallery 6.2
Active Time Billing 3.2