CVE-2006-2347
N/A
N/A
Summary
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://secunia.com/advisories/20071
- http://securityreason.com/securityalert/891
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.html
- http://www.securityfocus.com/archive/1/433807/100/0/threaded
- http://www.securityfocus.com/bid/17933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26476
- http://www.vupen.com/english/advisories/2006/1784
References
- http://secunia.com/advisories/20071
- http://securityreason.com/securityalert/891
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.html
- http://www.securityfocus.com/archive/1/433807/100/0/threaded
- http://www.securityfocus.com/bid/17933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26476
- http://www.vupen.com/english/advisories/2006/1784
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.