Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2006-2046
Last Modified 07 Mar 2011 09:34:52
Published 26 Apr 2006 04:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2046

Summary

Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.

Vulnerable Systems

Application

  • Application Dynamics Cartweaver ColdFusion 2.16.11


References

VUPEN - ADV-2006-1513

XF - cartweaver-multiple-sql-injection(26060)

CONFIRM - http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes

BID - 25210

BID - 17941

OSVDB - 24962

OSVDB - 24961

MILW0RM - 4264

SECUNIA - 19812

MISC - http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html


Last Updated: 27 May 2016 10:42:18