Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2296

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2296
Last Modified 07 Mar 2011 09:35:54
Published 09 May 2006 10:14:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2296

Summary

SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Systems

Application

  • Keyvan1.com Edirectorypro 2.0


References

VUPEN - ADV-2006-1739

SECUNIA - 20017

XF - edirectorypro-search-sql-injection(26319)

BID - 17912

OSVDB - 25334

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/edirectorypro-sql-inj.txt


Last Updated: 27 May 2016 10:42:24