PT-2005-4022 · Aenovo · Aenovo +2
Devil_Box +2
Published: 2005-10-14 · Updated: 2017-07-11 · CVE-2005-3208
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
aeNovo (affected versions not specified)
aeNovoShop (affected versions not specified)
aeNovoWYSI (affected versions not specified)
Description
The issue allows remote attackers to execute arbitrary SQL code, potentially enabling cross-site scripting (XSS) attacks in resulting error messages. This can be achieved via the password parameter in "control.asp" and the strSQL parameter in "search.asp".
Recommendations
For aeNovo, consider restricting access to the control.asp and search.asp pages until a fix is available.
For aeNovoShop, avoid using the password parameter in "control.asp" and the strSQL parameter in "search.asp" until the issue is resolved.
For aeNovoWYSI, as a temporary workaround, consider disabling the execution of SQL code from user-input parameters in "control.asp" and "search.asp" until a patch is available.
Affected Products
Aenovo
Aenovoshop
Aenovowysi