Intrusion Prevention

Expinion.Net.MMS.ID.SQL.Injection

Description

It indicates the attempt of an "SQL injection Vulnerability" on the Expinion.net Member Management System.


The Member Management System by Expinion.net allows web administrators to manage access to different parts of web sites. There exists an SQL Injection vulnerability in the ID parameters for resend.asp and news_views.asp. This could allow an attacker to execute arbitrary SQL queries against the database.

Affected Products

Expinion.net Member Management System 2.1

Impact

Compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2004-1843