Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote malicious users to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
activewebsoftwares active newsletter 4.3 |