CVE-2006-3860

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) SET DEBUG FILE SQL command, and the (2) start_onpload and (3) dbexp functions.

Affected Software

Name	Vendor	Start Version	End Version
Informix_dynamic_database_server	Ibm	7.3 (including)	7.3 (including)
Informix_dynamic_database_server	Ibm	7.31_.xd8 (including)	7.31_.xd8 (including)
Informix_dynamic_database_server	Ibm	9.4 (including)	9.4 (including)
Informix_dynamic_database_server	Ibm	9.40.tc5 (including)	9.40.tc5 (including)
Informix_dynamic_database_server	Ibm	9.40.uc1 (including)	9.40.uc1 (including)
Informix_dynamic_database_server	Ibm	9.40.uc2 (including)	9.40.uc2 (including)
Informix_dynamic_database_server	Ibm	9.40.uc3 (including)	9.40.uc3 (including)
Informix_dynamic_database_server	Ibm	9.40.uc5 (including)	9.40.uc5 (including)
Informix_dynamic_database_server	Ibm	9.40.xc7 (including)	9.40.xc7 (including)
Informix_dynamic_database_server	Ibm	10.0 (including)	10.0 (including)
Informix_dynamic_database_server	Ibm	10.0_xc3 (including)	10.0_xc3 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3860
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References