Intrusion Prevention

AutoDealer.Detail.ASP.SQL.Injection

Description

The autoDealer application has an SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to "detail.asp" script with injecting SQL statements in "iPro" parameter.

Affected Products

autoDealer version 2.0 and prior

Impact

SQL injection

Recommended Actions

Currently we are not aware of any official supplied fix for this issue.
http://www.aspsiteware.com/Auto.asp

CVE References

CVE-2007-0053