Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-3027
Last Modified: 07 Mar 2011 09:37:29
Published: 15 Jun 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-3027

Summary

Multiple SQL injection vulnerabilities in Enthrallweb ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp.

Vulnerable Systems

Application

  • Enthrallweb Ephotos 2.2


References

VUPEN - ADV-2006-5160

VUPEN - ADV-2006-2316

BID - 21742

OSVDB - 26367

OSVDB - 26366

OSVDB - 26365

SECUNIA - 23525

SECUNIA - 20609

MILW0RM - 2986

XF - ephotos-multiple-script-sql-injection(27035)

MISC - http://pridels0.blogspot.com/2006/06/ephotos-vuln.html


Last Updated: 27 May 2016 10:42:52