Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2042

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2042
Last Modified 07 Mar 2011 09:34:51
Published 09 May 2006 03:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2042

Summary

Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.

Vulnerable Systems

Application

  • Adobe Dreamweaver 7.0

  • Adobe Dreamweaver 8.0


References

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb06-07.html

VUPEN - ADV-2006-1753

XF - dreamweaver-server-sql-injection(26339)

BID - 17928

OSVDB - 25361

SECTRACK - 1016050

SECUNIA - 20054

BUGTRAQ - 20060509 Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code

Related Patches

Adobe APSB06-07 Dreamweaver Server Behavior SQL Injection vulnerability

Adobe Dreamweaver 8 Server Behavior SQL Injection vulnerability for Mac (See Note)


Last Updated: 27 May 2016 10:42:18