Vulnerability CVE-2006-2300
Published: 2006-05-11   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Keyvan1 -> Eimagepro 

 References:
http://www.vupen.com/english/advisories/2006/1749
http://www.securityfocus.com/bid/17911
http://secunia.com/advisories/20043
http://downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txt
http://xforce.iss.net/xforce/xfdb/26343
http://www.osvdb.org/25333
http://www.osvdb.org/25332
http://www.osvdb.org/25331
Copyright 2024, cxsecurity.com

 

Back to Top