Published: 11/05/2006 Updated: 20/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in EImagePro allow remote malicious users to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
keyvan1 eimagepro

source: wwwsecurityfocuscom/bid/17911/info EImagePro is prone to multiple SQL-injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries Successful exploits could allow an attacker to compromise the application, access or modify data, or exploi ...

source: wwwsecurityfocuscom/bid/17911/info EImagePro is prone to multiple SQL-injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries Successful exploits could allow an attacker to compromise the application, access or modify data, or ex ...

NVD-CWE-Other http://downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txt http://www.securityfocus.com/bid/17911 http://secunia.com/advisories/20043 http://www.osvdb.org/25331 http://www.osvdb.org/25332 http://www.osvdb.org/25333 http://www.vupen.com/english/advisories/2006/1749 https://exchange.xforce.ibmcloud.com/vulnerabilities/26343 https://nvd.nist.gov https://www.exploit-db.com/exploits/27846/

CVE-2006-2300

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect