Unrated severityNVD Advisory· Published Apr 26, 2006· Updated Apr 16, 2026

CVE-2006-2046

Description

Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.

Affected products

Application Dynamics/Cartweaver Coldfusion
cpe:2.3:a:application_dynamics:cartweaver_coldfusion:*:*:*:*:*:*:*:*
Range: <=2.16.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.htmlnvd
secunia.com/advisories/19812nvd
www.osvdb.org/24961nvd
www.osvdb.org/24962nvd
www.securityfocus.com/bid/17941nvd
www.securityfocus.com/bid/25210nvd
www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holesnvd
www.vupen.com/english/advisories/2006/1513nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26060nvd
www.exploit-db.com/exploits/4264nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000