SecurityTracker.com

Category:   Application (Generic)  >   Adobe Dreamweaver
Vendors:   Adobe Systems Incorporated
Adobe Dreamweaver May Let Remote Users Inject SQL Code
SecurityTracker Alert ID:  1016050
SecurityTracker URL:  http://securitytracker.com/id/1016050
CVE Reference:   CVE-2006-2042
Date:  May 9 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Dreamweaver 8 and Dreamweaver MX 2004
Description:   A vulnerability was reported in Adobe Dreamweaver. A remote user may be able to inject SQL commands.

Code generated by Dreamweaver server behaviors for the ColdFusion, PHP MySQL, ASP, ASP.NET, and JSP server models may not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Adobe credits Brian Gallagher with reporting this vulnerability.

Impact:   A remote user may be able to execute SQL commands on the underlying database.
Solution:   The vendor has issued a fix (Dreamweaver 8.0.2 updater), available at:

http://www.adobe.com/support/dreamweaver/downloads_updaters.html#dw8

The Adobe advisory is available at:

http://www.adobe.com/support/security/bulletins/apsb06-07.html

Vendor URL:  www.adobe.com/support/security/bulletins/apsb06-07.html
Cause:   Input validation error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC