cpe:/a:gatesoft:docusafe:4.1.0 cpe:/a:gatesoft:docusafe:4.1.2 CVE-2010-4736 2011-02-15T22:00:02.820-05:00 2011-09-21T23:27:12.977-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2011-02-16T10:20:00.000-05:00 EXPLOIT-DB 15686 SECUNIA 27660 BID 45182 SREASON 8086 MISC http://packetstormsecurity.org/files/view/96398/gatesafedocusafe-sql.txt SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.