CVE-2006-2300

critical

Description

Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26343

http://www.vupen.com/english/advisories/2006/1749

http://www.osvdb.org/25333

http://www.osvdb.org/25332

http://www.osvdb.org/25331

Details

Source: Mitre, NVD

Published: 2006-05-11

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01108