CVE-2006-5217

Name of the Vulnerable Software and Affected Versions Emek Portal version 2.1

Description The issue allows remote attackers to execute arbitrary SQL commands by injecting into the k a and sifre parameters in the uyegiris.asp file. This is achieved by simultaneously injecting into the user name and pass fields.

Recommendations For Emek Portal version 2.1, consider restricting access to the giris yap.asp file until a patch is available. As a temporary workaround, avoid using the k a and sifre parameters in the uyegiris.asp file to minimize the risk of exploitation.