CVE-2006-2042

Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.

Published Bycve@mitre.org

Published DateMay 09, 2006, 19:02

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html
http://secunia.com/advisories/20054
http://securitytracker.com/id?1016050
http://www.adobe.com/support/security/bulletins/apsb06-07.html
http://www.osvdb.org/25361
http://www.securityfocus.com/bid/17928
http://www.vupen.com/english/advisories/2006/1753
https://exchange.xforce.ibmcloud.com/vulnerabilities/26339

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL