CVE-2006-2046

Properties

Published: 25.04.2006
Updated: 27.04.2006
Patch available:
Severity: Medium
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:N/B:N)
Product: Application Dynamics: Cartweaver ColdFusion

Vulnerability description

Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.

References:

http://pridels.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html
FRSIRT: http://www.frsirt.com/english/advisories/2006/1513