CVE-2006-2349

Name of the Vulnerable Software and Affected Versions E-Business Designer (eBD) versions 3.1.4 and earlier

Description The issue allows remote attackers to upload or modify arbitrary files and execute arbitrary code by making a direct request to specific API endpoints, such as "common/html editor/image browser.upload.html", "common/html editor/image browser.html", or "common/html editor/html editor.html". This can also be exploited for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files.

Recommendations For versions 3.1.4 and earlier, consider restricting access to the vulnerable API endpoints "common/html editor/image browser.upload.html", "common/html editor/image browser.html", and "common/html editor/html editor.html" to prevent arbitrary file uploads and code execution. As a temporary workaround, avoid using these endpoints until a patch is available.