E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-05-12 17:06
Updated : 2024-02-04 16:52
NVD link : CVE-2006-2347
Mitre link : CVE-2006-2347
CVE.ORG link : CVE-2006-2347
JSON object : View
Products Affected
oasyssoft
- e-business_designer
CWE