Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 20_20_applications | 20_20_datashed | 1.0 |
Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 20_20_applications | 20_20_auto_gallery | * |