CVE-2006-2179
published 2006-05-04CVE-2006-2179: Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.67%
83.8th percentile
Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CyberBuild - 'browse0.htm?ProductIndex' SQL Injection
exploitdb·2006-05-03
CVE-2006-2179 CyberBuild - 'browse0.htm?ProductIndex' SQL Injection
CyberBuild - 'browse0.htm?ProductIndex' SQL Injection
---
source: https://www.securityfocus.com/bid/17829/info
CyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/browse0.htm?ProductIndex=[SQL]
Exploit-DB
CyberBuild - 'login.asp?sessionid' SQL Injection
exploitdb·2006-05-03
CVE-2006-2179 CyberBuild - 'login.asp?sessionid' SQL Injection
CyberBuild - 'login.asp?sessionid' SQL Injection
---
source: https://www.securityfocus.com/bid/17829/info
CyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/login.asp?SessionID=[SQL]
No writeups or analysis indexed.
http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.htmlhttp://secunia.com/advisories/19889http://www.osvdb.org/25195http://www.osvdb.org/25196http://www.securityfocus.com/bid/17829http://www.vupen.com/english/advisories/2006/1630https://exchange.xforce.ibmcloud.com/vulnerabilities/26201http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.htmlhttp://secunia.com/advisories/19889http://www.osvdb.org/25195http://www.osvdb.org/25196http://www.securityfocus.com/bid/17829http://www.vupen.com/english/advisories/2006/1630https://exchange.xforce.ibmcloud.com/vulnerabilities/26201
2006-05-04
Published