Description
Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.
Exploits (2)
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25332
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17911
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26343
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25331
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1749
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20043
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25333
Exploit x_refsource_misc
http://downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txt
Scores
EPSS
0.0174
EPSS Percentile
82.6%
Details
Status
published
Products (1)
keyvan1/eimagepro
Published
May 11, 2006
Tracked Since
Feb 18, 2026