Unrated severityNVD Advisory· Published May 12, 2006· Updated Apr 16, 2026

CVE-2006-2347

Description

E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.

Affected products

Oasyssoft/E Business Designer2 versions
cpe:2.3:a:oasyssoft:e-business_designer:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oasyssoft:e-business_designer:*:*:*:*:*:*:*:*range: <=3.1.4
- cpe:2.3:a:oasyssoft:e-business_designer:2.3.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.htmlnvdVendor Advisory
secunia.com/advisories/20071nvdVendor Advisory
securityreason.com/securityalert/891nvd
www.securityfocus.com/archive/1/433807/100/0/threadednvd
www.securityfocus.com/bid/17933nvd
www.vupen.com/english/advisories/2006/1784nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26476nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000