CVE-2006-2042 - Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in

CVE-2006-2042

Summary

Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. This vulnerability affects all versions of Adobe, Dreamweaver, 8.0 before 8.0.2 This vulnerability is addressed in the following product releases: Adobe, Dreamweaver, 8.0.2 Code update for Macromedia, Dreamweaver MX, 2004

References

Vulnerable Configurations

cpe:2.3:a:adobe:dreamweaver:7.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:dreamweaver:7.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:dreamweaver:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:dreamweaver:8.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	17928
bugtraq	20060509 Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code
confirm	http://www.adobe.com/support/security/bulletins/apsb06-07.html
osvdb	25361
sectrack	1016050
secunia	20054
vupen	ADV-2006-1753
xf	dreamweaver-server-sql-injection(26339)

Last major update

20-07-2017 - 01:31

Published

09-05-2006 - 19:02

Last modified

20-07-2017 - 01:31