Lucene search

MitreCVE-2006-2347

HistoryMay 12, 2006 - 5:06 p.m.

CVE-2006-2347

2006-05-1217:06:00

mitre

web.nvd.nist.gov

e-business designer

ebd

remote attacks

server path

security vulnerability

cve-2006-2347

sql injection

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.6

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via “'” characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.

Affected configurations

Nvd

Node

oasyssofte-business_designerRange≤3.1.4

oasyssofte-business_designerMatch2.3.3

VendorProductVersionCPE
oasyssofte-business_designer*cpe:2.3:a:oasyssoft:e-business_designer:*:*:*:*:*:*:*:*
oasyssofte-business_designer2.3.3cpe:2.3:a:oasyssoft:e-business_designer:2.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oasyssoft	e-business_designer	*	cpe:2.3:a:oasyssoft:e-business_designer::::::::
oasyssoft	e-business_designer	2.3.3	cpe:2.3:a:oasyssoft:e-business_designer:2.3.3:::::::*

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.html

secunia.com/advisories/20071

securityreason.com/securityalert/891

www.securityfocus.com/archive/1/433807/100/0/threaded

www.securityfocus.com/bid/17933

www.vupen.com/english/advisories/2006/1784

exchange.xforce.ibmcloud.com/vulnerabilities/26476

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.6

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Related for CVE-2006-2347