Lucene search

K
cve[email protected]CVE-2004-0343
HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0343

2004-11-2305:00:00
NVD-CWE-Other
web.nvd.nist.gov
20
sql injection
yabb se
vulnerability
cve-2004-0343
remote execution

9.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

59.5%

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.

9.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

59.5%