last samurai has reported a vulnerability in ASP Virtual News Manager, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "password" field in "admin_login.asp" isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
SOFTWARE:
ASP Virtual News Manager 1.x
SOLUTION:
Edit the source code to ensure that input is properly sanitized.
PROVIDED AND/OR DISCOVERED BY:
last samurai
ORIGINAL ADVISORY:
http://www.under9round.com/avn13.txt
VERIFY ADVISORY:
http://secunia.com/advisories/15346/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050516100500701