[email protected]CVE-2004-1498

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1498

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

compose message

helm 3.1.19

remote attackers

arbitrary sql commands

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.2%

JSON

SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter.

CPENameOperatorVersion
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.11
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.19
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.10
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.17
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.18
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.16
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.13
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.12
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.14
webhost_automation:helm_control_panelwebhost automation helm control paneleq3.1.15

CPE	Name	Operator	Version
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.11
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.19
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.10
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.17
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.18
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.16
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.13
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.12
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.14
webhost_automation:helm_control_panel	webhost automation helm control panel	eq	3.1.15

References

marc.info/?l=bugtraq&m=109943858026542&w=2

secunia.com/advisories/13079

www.hat-squad.com/en/000077.html

www.securityfocus.com/bid/11586

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.2%

JSON