Detections
Analytics

CVE-2006-2046

critical

Description

Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.

References

https://www.exploit-db.com/exploits/4264

https://exchange.xforce.ibmcloud.com/vulnerabilities/26060

http://www.vupen.com/english/advisories/2006/1513

http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes

http://www.securityfocus.com/bid/25210

http://www.securityfocus.com/bid/17941

http://www.osvdb.org/24962

http://www.osvdb.org/24961

http://secunia.com/advisories/19812

http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html

Details

Source: Mitre, NVD

Published: 2006-04-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0466