CVE-2006-2300

2006-05-1110:00:00

mitre

www.cve.org

AI Score

8.5

Confidence

Low

EPSS

0.006

Percentile

78.7%

JSON

Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

References

downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txt

secunia.com/advisories/20043

www.osvdb.org/25331

www.osvdb.org/25332

www.osvdb.org/25333

www.securityfocus.com/bid/17911

www.vupen.com/english/advisories/2006/1749

exchange.xforce.ibmcloud.com/vulnerabilities/26343