CVE-2009-3503
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.
Date published : 2009-09-30
http://packetstormsecurity.org/0909-exploits/bpholidaylettings-sql.txt