Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
https://www.exploit-db.com/exploits/7295
https://exchange.xforce.ibmcloud.com/vulnerabilities/46919
http://www.vupen.com/english/advisories/2008/3299
http://www.securityfocus.com/bid/32547