Intrusion Prevention

PollMentor.Pollmentorres.ASP.SQL.Injection

Description

PollMentor has a SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "pollmentorres.asp" script, with injected SQL statements in the "id" parameter.

Affected Products

PollMentor version 2.00 and prior.

Impact

Data Manipulation.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.systementor.se/l_sv-SE/t_2_goflexible2/default.aspx

CVE References

CVE-2007-0984