Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/38871
http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip
http://www.xigla.com/news/default.aspx
http://www.procheckup.com/Vulnerability_PR07-39.php