Lucene search
MitreCVELIST:CVE-2006-2347HistoryMay 12, 2006 - 5:00 p.m.
CVE-2006-2347
2006-05-1217:00:00
mitre
www.cve.org
3
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via “'” characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.
References
lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.html
secunia.com/advisories/20071
securityreason.com/securityalert/891
www.securityfocus.com/archive/1/433807/100/0/threaded
www.securityfocus.com/bid/17933
www.vupen.com/english/advisories/2006/1784
exchange.xforce.ibmcloud.com/vulnerabilities/26476
Related
nvd
nvd
CVE-2006-2347
2006-05-12 17:06:00
cve
cve
CVE-2006-2347
2006-05-12 17:06:00
prion
prion
Sql injection
2006-05-12 17:06:00