CVE-2006-2300

Опубликовано: 11 мая 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

Ссылки

http://downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txt
Exploit
http://secunia.com/advisories/20043
Exploit
Vendor Advisory
http://www.osvdb.org/25331
http://www.osvdb.org/25332
http://www.osvdb.org/25333
http://www.securityfocus.com/bid/17911
Exploit
http://www.vupen.com/english/advisories/2006/1749
https://exchange.xforce.ibmcloud.com/vulnerabilities/26343
http://downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txt
Exploit
http://secunia.com/advisories/20043
Exploit
Vendor Advisory
http://www.osvdb.org/25331
http://www.osvdb.org/25332
http://www.osvdb.org/25333
http://www.securityfocus.com/bid/17911
Exploit
http://www.vupen.com/english/advisories/2006/1749
https://exchange.xforce.ibmcloud.com/vulnerabilities/26343

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keyvan1:eimagepro:*:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01735

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-52h3-w7h4-4p97

github

почти 4 года назад