VULHUB ™

Multiple SQL injection vulnerabilities exist in the FactoSystem Content Management System that may allow an attacker to introduce instructions into an SQL query. The vulnerabilities exist because the script fails to verify the validity of numeric data or fails to properly escape certain control characters in strings. Example URL's included. IIS 4.0 or later with ASP enabled and FactoSystem CMS is vulnerable.

Multiple SQL injection vulnerabilities exist in the FactoSystem Content Management System that may allow an attacker to introduce instructions into an SQL query. The vulnerabilities exist because the script fails to verify the validity of numeric data or fails to properly escape certain control characters in strings. Example URL's included. IIS 4.0 or later with ASP enabled and FactoSystem CMS is vulnerable.