Lucene search

[email protected]CVE-2004-1402

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1402

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-1402

sql injection

iwebnegar

remote attackers

arbitrary commands

8.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

60.8%

JSON

SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.

CPENameOperatorVersion
iwebnegar:iwebnegariwebnegareq*

CPE	Name	Operator	Version
iwebnegar:iwebnegar	iwebnegar	eq	*

References

marc.info/?l=bugtraq&m=110314454810163&w=2

www.securityfocus.com/bid/11946

exchange.xforce.ibmcloud.com/vulnerabilities/18505

8.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for CVE-2004-1402

nessus1 cvelist1