CVE-2010-5008

SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.

Date published : 2011-11-02

http://www.securityfocus.com/bid/40845

http://www.exploit-db.com/exploits/13843/