CVE-2006-2954

CVE-2006-2954

EPSS 1.3%

SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://pridels0.blogspot.com/2006/06/officeflow-26-vuln.html http://secunia.com/advisories/20545 http://securitytracker.com/id?1016255 https://exchange.xforce.ibmcloud.com/vulnerabilities/27023 http://www.securityfocus.com/bid/18367 http://www.vupen.com/english/advisories/2006/2246