SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote malicious users to execute arbitrary SQL commands via the bpe_nid parameter.
atcom netvolution 1.0