Lucene search

[email protected]CVE-2001-0234

HistoryMay 03, 2001 - 4:00 a.m.

CVE-2001-0234

2001-05-0304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-0234

newsdaemon

remote attack

sql injection

privilege escalation

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.5%

JSON

NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.

CPENameOperatorVersion
sourceforge:newsdaemonsourceforge newsdaemoneq0.21b

CPE	Name	Operator	Version
sourceforge:newsdaemon	sourceforge newsdaemon	eq	0.21b

References

archives.neohapsis.com/archives/bugtraq/2001-01/0460.html

sourceforge.net/forum/forum.php?forum_id=60570

exchange.xforce.ibmcloud.com/vulnerabilities/6010

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for CVE-2001-0234

cert1