CVE-2006-2300 - SQL Injection vulnerability in EImagePro
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- id: EDB-ID:27846
- title: EImagePro - subList.asp CatID Parameter SQL Injection
- description: EImagePro 0 subList.asp CatID Parameter SQL Injection. CVE-2006-2300. Webapps exploit for asp platform
- reporter: Dj_Eyes
- published: 2006-05-09
- modified: 2006-05-09
- last seen: 2016-02-03
- source: https://www.exploit-db.com/download/27846/

- id: EDB-ID:27848
- title: EImagePro - view.asp Pic Parameter SQL Injection
- description: EImagePro 0 view.asp Pic Parameter SQL Injection. CVE-2006-2300. Webapps exploit for php platform
- reporter: Dj_Eyes
- published: 2006-05-09
- modified: 2006-05-09
- last seen: 2016-02-03
- source: https://www.exploit-db.com/download/27848/
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txt
- http://secunia.com/advisories/20043
- http://www.osvdb.org/25331
- http://www.osvdb.org/25332
- http://www.osvdb.org/25333
- http://www.securityfocus.com/bid/17911
- http://www.vupen.com/english/advisories/2006/1749
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26343