Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-2300
Last Modified: 07 Mar 2011 09:35:54
Published: 11 May 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2300

Summary

Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

Vulnerable Systems

Application

  • Keyvan1 Eimagepro


References

VUPEN - ADV-2006-1749

BID - 17911

SECUNIA - 20043

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txt

XF - eimagepro-multiple-sql-injection(26343)

OSVDB - 25333

OSVDB - 25332

OSVDB - 25331


Last Updated: 27 May 2016 10:42:24