SQL Injection Vulnerabilities in A-FAQ 1.0: Remote Code Execution

CVE-2005-4064 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.