Lucene search
R0tEDB-ID:27854HistoryApr 25, 2006 - 12:00 a.m.
Cartweaver 2.16.11 Details.cfm ProdID Parameter SQL Injection
2006-04-2500:00:00
r0t
www.exploit-db.com
61
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
77.0%
Cartweaver 2.16.11 Details.cfm ProdID Parameter SQL Injection. CVE-2006-2046. Webapps exploit for cfm platform
source: http://www.securityfocus.com/bid/17941/info
Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries.
Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/Details.cfm?ProdID=[SQL]
Related
cve
cve
CVE-2006-2046
2006-04-26 20:06:00
CVE-2008-2918
2008-06-30 18:24:00
prion
prion
Sql injection
2006-04-26 20:06:00
Sql injection
2008-06-30 18:24:00
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
77.0%
Related for EDB-ID:27854