cpe:/a:active_web_softwares:active_test:2.1 CVE-2008-5959 2009-01-23T14:00:05.110-05:00 2017-09-28T21:32:54.277-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-26T10:30:00.000-05:00 ALLOWS_OTHER_ACCESS SECUNIA 32902 OSVDB 50408 EXPLOIT-DB 7276 XF activetest-start-sql-injection(46921) Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.