Andrews Web · Andrews-Web Bannerad · CVE-2009-4721
**Name of the Vulnerable Software and Affected Versions**
Andrews-Web (A-W) BannerAd version 1.0
**Description**
The issue concerns SQL injection vulnerabilities in the Admin/index.asp file. Remote attackers can execute arbitrary SQL commands by manipulating the `User` and `Password` parameters.
**Recommendations**
For Andrews-Web (A-W) BannerAd version 1.0, consider restricting access to the Admin/index.asp file until a fix is available, and avoid using the `User` and `Password` parameters in a way that could facilitate SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.