Assetman · Assetman · CVE-2008-4161
**Name of the Vulnerable Software and Affected Versions**
Assetman version 2.5b
**Description**
The issue allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks. This is achieved through a combination of crafted `order` and `order by` parameters in a "search all" action.
**Recommendations**
For Assetman version 2.5b, consider restricting access to the search inv.php file until a patch is available, and avoid using the `order` and `order by` parameters in the search all action to minimize the risk of exploitation.