CVE-2006-2046 Information

Description

Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm and the (3) ProdID parameter in (b) Details.cfm.

Reference

http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html
http://secunia.com/advisories/19812
http://www.osvdb.org/24961
http://www.osvdb.org/24962
http://www.securityfocus.com/bid/17941
http://www.securityfocus.com/bid/25210
http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes
http://www.vupen.com/english/advisories/2006/1513
https://exchange.xforce.ibmcloud.com/vulnerabilities/26060
https://www.exploit-db.com/exploits/4264
