CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS: 0.006 Low
EPSS Percentile: 77.0%
Cartweaver 2.16.11 Details.cfm ProdID Parameter SQL Injection. CVE-2006-2046. Webapps exploit for cfm platform
source: http://www.securityfocus.com/bid/17941/info
Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries.
Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/Details.cfm?ProdID=[SQL]