CVE-2008-5959

Name of the Vulnerable Software and Affected Versions Active Test version 2.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the useremail parameter (also known as the username field) or the password parameter (also known as the password field) in the start.asp file.

Recommendations For Active Test version 2.1, consider restricting access to the start.asp file until a fix is available. As a temporary workaround, avoid using the useremail and password parameters in the start.asp file to minimize the risk of exploitation.