CVE Vulnerabilities

CVE-2006-2347

Published: May 12, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.

Affected Software

Name Vendor Start Version End Version
E-business_designer Oasyssoft * 3.1.4
E-business_designer Oasyssoft 2.3.3 2.3.3

References