Vulnerabilities > CVE-2006-6204 - Unspecified vulnerability in Enthrallweb Ehomes

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
enthrallweb
exploit available
NVD
Published: 2006-12-01
Updated: 2024-11-21

Summary

Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp.

Vulnerable Configurations

Part Description Count
Application
Enthrallweb
1

Exploit-Db

  • descriptionEnthrallweb eHomes result.asp Multiple Parameter SQL Injection. CVE-2006-6204. Webapps exploit for asp platform
    idEDB-ID:29123
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29123/
    titleEnthrallweb eHomes result.asp Multiple Parameter SQL Injection
  • descriptionEnthrallweb eHomes compareHomes.asp Multiple Parameter SQL Injection. CVE-2006-6204. Webapps exploit for asp platform
    idEDB-ID:29122
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29122/
    titleEnthrallweb eHomes compareHomes.asp Multiple Parameter SQL Injection
  • descriptionEnthrallweb eHomes homeDetail.asp AD_ID Parameter SQL Injection. CVE-2006-6204 . Webapps exploit for asp platform
    idEDB-ID:29121
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29121/
    titleEnthrallweb eHomes homeDetail.asp AD_ID Parameter SQL Injection

References