Vulnerabilities > CVE-2006-6804 - SQL Injection vulnerability in Dragon Business Directory Bus_Details.ASP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
enthrallweb
exploit available

Summary

SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Vulnerable Configurations

Part Description Count
Application
Enthrallweb
1

Exploit-Db

descriptionDragon Business Directory <= 3.01.12 (ID) SQL Injection Vulnerability. CVE-2006-6804. Webapps exploit for asp platform
fileexploits/asp/webapps/2992.txt
idEDB-ID:2992
last seen2016-01-31
modified2006-12-23
platformasp
port
published2006-12-23
reporterajann
sourcehttps://www.exploit-db.com/download/2992/
titleDragon Business Directory <= 3.01.12 ID SQL Injection Vulnerability
typewebapps