cpe:/a:activewebsoftwares:active_auction_house:3.6 CVE-2009-4437 2009-12-28T14:00:00.983-05:00 2017-08-16T21:31:35.413-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-12-29T08:39:00.000-05:00 EXPLOIT-DB 10520 SECUNIA 14839 BID 37401 XF activeauctionhouse-links-sql-injection(54891) MISC http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.