Adobe Dreamweaver Generated Code SQL Injection Vulnerabilities
BID:17928
Info
| Bugtraq ID: | 17928 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-2042 |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2006 12:00AM |
| Updated: | May 10 2006 11:14PM |
| Credit: | Brian Gallagher is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Macromedia Dreamweaver MX 2004; Adobe Dreamweaver 8.0 |
| Not Vulnerable: | Adobe Dreamweaver 8.0.2 |
Discussion
Code generated by Dreamweaver is prone to SQL-injection vulnerabilities. These issues occur because the generated code fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploits could allow an attacker to compromise the code, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Exploit / POC
These issues can be exploited through a web client.
Solution / Fix
Solution:
The vendor has released version 8.0.2 to address this issue for Dreamweaver version 8. Users of Dreamweaver MX 2004 are directed to follow specific instructions to update code generated using that version. See the referenced vendor advisories for further information.
Adobe Dreamweaver 8.0
- Adobe dw8_802_update_en.exe (Windows English version): http://download.macromedia.com/pub/dreamweaver/updates/dw_8/8_0_2/win/dw8_802_update_en.exe
References
References:
- Protecting ASP JavaScript server behaviors from SQL injection vulnerability (Adobe)
- Protecting ASP VBScript server behaviors from SQL injection vulnerability (Adobe)
- Protecting ColdFusion server behaviors from SQL injection vulnerability (Adobe)
- Protecting JSP server behaviors from SQL injection vulnerability (Adobe)
- Protecting PHP server behaviors from SQL injection vulnerability (Adobe)
- Dreamweaver Homepage (Adobe)
- Dreamweaver Server Behavior SQL Injection vulnerability (Adobe)
- Brian Gallagher (Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code)