CVE-2006-2300 Information

Description

Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

Reference

http://downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txt
http://secunia.com/advisories/20043
http://www.osvdb.org/25331
http://www.osvdb.org/25332
http://www.osvdb.org/25333
http://www.securityfocus.com/bid/17911
http://www.vupen.com/english/advisories/2006/1749
https://exchange.xforce.ibmcloud.com/vulnerabilities/26343
