CVE-2006-2320 Information

Description

Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher it is not clear whether this overlaps CVE-2004-2209.

Reference

http://secunia.com/advisories/20035 http://securityreason.com/securityalert/871 http://www.idealscience.com/ibb/posts.aspx?postID=24415 http://www.osvdb.org/25457 http://www.securityfocus.com/archive/1/433248/100/0/threaded http://www.securityfocus.com/bid/17920 http://www.vupen.com/english/advisories/2006/1729 https://exchange.xforce.ibmcloud.com/vulnerabilities/26354