CVE-2006-2300
CVE-2006-2300 involves multiple SQL injection flaws in EImagePro. The vulnerabilities allow remote attackers to execute arbitrary SQL via (1) CatID in subList.asp, (2) SubjectID in imageList.asp, or (3) Pic in view.asp. Affected software is EImagePro, with the underlying issue being improper hand...