CVE-2006-2300 - SQL Injection vulnerability in EImagePro

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, keyvan1, exploit available

Summary

Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

Vulnerable Configurations

Part         Description  Count
Application  Keyvan1      1

Exploit-Db

  • description: EImagePro 0 subList.asp CatID Parameter SQL Injection. CVE-2006-2300. Webapps exploit for asp platform
    id: EDB-ID:27846
    last seen: 2016-02-03
    modified: 2006-05-09
    published: 2006-05-09
    reporter: Dj_Eyes
    source: https://www.exploit-db.com/download/27846/
    title: EImagePro - - subList.asp CatID Parameter SQL Injection
  • description: EImagePro 0 view.asp Pic Parameter SQL Injection. CVE-2006-2300. Webapps exploit for php platform
    id: EDB-ID:27848
    last seen: 2016-02-03
    modified: 2006-05-09
    published: 2006-05-09
    reporter: Dj_Eyes
    source: https://www.exploit-db.com/download/27848/
    title: EImagePro - view.asp Pic Parameter SQL Injection