CVE-2006-2954

N/A Unknown

Published: June 12, 2006 Modified: April 16, 2026

Description

SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://pridels0.blogspot.com/2006/06/officeflow-26-vuln.html

Source: cve@mitre.org

http://secunia.com/advisories/20545

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1016255

Source: cve@mitre.org

http://www.securityfocus.com/bid/18367

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2246

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/27023

Source: cve@mitre.org

http://pridels0.blogspot.com/2006/06/officeflow-26-vuln.html