Lucene search

[email protected]CVE-2003-0874

HistoryNov 17, 2003 - 5:00 a.m.

CVE-2003-0874

2003-11-1705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0874

deskpro

sql injection

faq.php

view.php

unauthorized activities

nvd

8.8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen.

CPENameOperatorVersion
deskpro:deskprodeskproeq1.1_.0

CPE	Name	Operator	Version
deskpro:deskpro	deskpro	eq	1.1_.0

References

archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html

marc.info/?l=bugtraq&m=106667525623311&w=2

www.securiteam.com/unixfocus/6R0052K8KM.html

www.securityfocus.com/bid/8856

exchange.xforce.ibmcloud.com/vulnerabilities/13391

8.8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2003-0874

cvelist1