Vulnerability Details CVE-2006-2046
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.8%
CVSS Severity
CVSS v2 Score 6.4
References
- http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html
- http://secunia.com/advisories/19812
- http://www.osvdb.org/24961
- http://www.osvdb.org/24962
- http://www.securityfocus.com/bid/17941
- http://www.securityfocus.com/bid/25210
- http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes
- http://www.vupen.com/english/advisories/2006/1513
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26060
- https://www.exploit-db.com/exploits/4264
- http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html
- http://secunia.com/advisories/19812
- http://www.osvdb.org/24961
- http://www.osvdb.org/24962
- http://www.securityfocus.com/bid/17941
- http://www.securityfocus.com/bid/25210
- http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes
- http://www.vupen.com/english/advisories/2006/1513
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26060
- https://www.exploit-db.com/exploits/4264
Products affected by CVE-2006-2046
-
cpe:2.3:a:application_dynamics:cartweaver_coldfusion:*