Vulnerabilities > CVE-2006-3027 - Unspecified vulnerability in Enthrallweb Ephotos
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN enthrallweb
exploit available
Summary
Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| id | EDB-ID:2986 |
References
- http://pridels0.blogspot.com/2006/06/ephotos-vuln.html
- http://pridels0.blogspot.com/2006/06/ephotos-vuln.html
- http://secunia.com/advisories/20609
- http://secunia.com/advisories/20609
- http://secunia.com/advisories/23525
- http://secunia.com/advisories/23525
- http://www.osvdb.org/26365
- http://www.osvdb.org/26365
- http://www.osvdb.org/26366
- http://www.osvdb.org/26366
- http://www.osvdb.org/26367
- http://www.osvdb.org/26367
- http://www.securityfocus.com/bid/21742
- http://www.securityfocus.com/bid/21742
- http://www.vupen.com/english/advisories/2006/2316
- http://www.vupen.com/english/advisories/2006/2316
- http://www.vupen.com/english/advisories/2006/5160
- http://www.vupen.com/english/advisories/2006/5160
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27035
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27035
- https://www.exploit-db.com/exploits/2986
- https://www.exploit-db.com/exploits/2986