Vulnerabilities > CVE-2006-2179 - Input Validation vulnerability in CyberBuild

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

smartwin-technology

exploit available

NVD

Published: 2006-05-04

Updated: 2017-07-20

Summary

Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm.

Vulnerable Configurations

Part	Description	Count
Application	Smartwin_Technology Smartwin Technology Cyberoffice Warehouse Builder *	1

Exploit-Db

description	CyberBuild 0 browse0.htm ProductIndex Parameter SQL Injection. CVE-2006-2179. Webapps exploit for asp platform
id	EDB-ID:27814
last seen	2016-02-03
modified	2006-05-03
published	2006-05-03
reporter	r0t
source	https://www.exploit-db.com/download/27814/
title	CyberBuild - browse0.htm ProductIndex Parameter SQL Injection

description	CyberBuild 0 login.asp SessionID Parameter SQL Injection. CVE-2006-2179. Webapps exploit for asp platform
id	EDB-ID:27813
last seen	2016-02-03
modified	2006-05-03
published	2006-05-03
reporter	r0t
source	https://www.exploit-db.com/download/27813/
title	CyberBuild - login.asp SessionID Parameter SQL Injection

Summary

Vulnerable Configurations

Exploit-Db

References