Unrated severityNVD Advisory· Published May 11, 2006· Updated Apr 16, 2026

CVE-2006-2300

Description

Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

Affected products

Keyvan1/Eimagepro
cpe:2.3:a:keyvan1:eimagepro:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

downloads.securityfocus.com/vulnerabilities/exploits/eimagepro-xss.txtnvdExploit
secunia.com/advisories/20043nvdExploitVendor Advisory
www.securityfocus.com/bid/17911nvdExploit
www.osvdb.org/25331nvd
www.osvdb.org/25332nvd
www.osvdb.org/25333nvd
www.vupen.com/english/advisories/2006/1749nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26343nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000