Vulnerabilities > CVE-2006-2042 - SQL Injection vulnerability in Adobe Dreamweaver Generated Code
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. This vulnerability affects all versions of Adobe, Dreamweaver, 8.0 before 8.0.2 This vulnerability is addressed in the following product releases: Adobe, Dreamweaver, 8.0.2 Code update for Macromedia, Dreamweaver MX, 2004
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html
- http://secunia.com/advisories/20054
- http://securitytracker.com/id?1016050
- http://www.adobe.com/support/security/bulletins/apsb06-07.html
- http://www.osvdb.org/25361
- http://www.securityfocus.com/bid/17928
- http://www.vupen.com/english/advisories/2006/1753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26339