PT-2006-6735 · Baal · Baalasp Forum

Benjamin Moss +1 · Published 2006-11-24 · Updated 2024-02-14 · CVE-2006-6090

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BaalAsp forum (affected versions not specified)

Description

The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited through specific parameters in various ASP pages, including the password parameter to "adminlogin.asp", the name or password parameters to "userlogin.asp", or the search parameter to "search.asp".

Recommendations

For the "adminlogin.asp" page, avoid using the password parameter until a fix is available. For the "userlogin.asp" page, restrict the use of the name and password parameters to minimize risk. For the "search.asp" page, consider disabling the search parameter as a temporary workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-6090

Affected Products

Baalasp Forum