ID CVE-2006-2179
Summary Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm.
References
Vulnerable Configurations
  • cpe:2.3:a:smartwin_technology:cyberoffice_warehouse_builder:*:*:*:*:*:*:*:*
    cpe:2.3:a:smartwin_technology:cyberoffice_warehouse_builder:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 17829
misc http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html
osvdb
  • 25195
  • 25196
secunia 19889
vupen ADV-2006-1630
xf cyberbuild-multiple-sql-injection(26201)
Last major update 20-07-2017 - 01:31
Published 04-05-2006 - 12:38
Last modified 20-07-2017 - 01:31
Back to Top