Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
application dynamics cartweaver coldfusion |