CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
84.0%
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via “'” characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.
Vendor | Product | Version | CPE |
---|---|---|---|
oasyssoft | e-business_designer | * | cpe:2.3:a:oasyssoft:e-business_designer:*:*:*:*:*:*:*:* |
oasyssoft | e-business_designer | 2.3.3 | cpe:2.3:a:oasyssoft:e-business_designer:2.3.3:*:*:*:*:*:*:* |
lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.html
secunia.com/advisories/20071
securityreason.com/securityalert/891
www.securityfocus.com/archive/1/433807/100/0/threaded
www.securityfocus.com/bid/17933
www.vupen.com/english/advisories/2006/1784
exchange.xforce.ibmcloud.com/vulnerabilities/26476