Lucene search

[email protected]CVE-2004-0236

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0236

2004-11-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

thephototool

unauthorized access

vulnerability

cve-2004-0236

9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

76.3%

JSON

SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field.

CPENameOperatorVersion
steelid:thephototoolsteelid thephototooleq*

CPE	Name	Operator	Version
steelid:thephototool	steelid thephototool	eq	*

References

marc.info/?l=bugtraq&m=107576894019530&w=2

securitytracker.com/alerts/2004/Feb/1008906.html

www.osvdb.org/6727

www.securityfocus.com/bid/9884

exchange.xforce.ibmcloud.com/vulnerabilities/15007

9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

76.3%

JSON