CVE-2006-2046 - SQL Injection vulnerability in Application Dynamics Cartweaver ColdFusion
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
Summary
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- id: EDB-ID:27854
  title: Cartweaver 2.16.11 Details.cfm ProdID Parameter SQL Injection
  description: Cartweaver 2.16.11 Details.cfm ProdID Parameter SQL Injection. CVE-2006-2046. Webapps exploit for cfm platform
  reporter: r0t
  published: 2006-04-25
  modified: 2006-04-25
  last seen: 2016-02-03
  source: https://www.exploit-db.com/download/27854/
- id: EDB-ID:27853
  title: Cartweaver 2.16.11 Results.cfm category Parameter SQL Injection
  description: Cartweaver 2.16.11 Results.cfm category Parameter SQL Injection. CVE-2006-2046. Webapps exploit for cfm platform
  reporter: r0t
  published: 2006-04-25
  modified: 2006-04-25
  last seen: 2016-02-03
  source: https://www.exploit-db.com/download/27853/
- id: EDB-ID:4264
References
- http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html
- http://secunia.com/advisories/19812
- http://www.osvdb.org/24961
- http://www.osvdb.org/24962
- http://www.securityfocus.com/bid/17941
- http://www.securityfocus.com/bid/25210
- http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes
- http://www.vupen.com/english/advisories/2006/1513
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26060
- https://www.exploit-db.com/exploits/4264