Lucene search

[email protected]CVE-2004-1552

HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1552

2005-02-2005:00:00

[email protected]

web.nvd.nist.gov

sql injection

aspwebcalendar

security vulnerability

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.4%

JSON

SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.

Affected configurations

NVD

Node

full_revolutionaspwebcalendarMatch4.5

CPENameOperatorVersion
full_revolution:aspwebcalendarfull revolution aspwebcalendareq4.5

CPE	Name	Operator	Version
full_revolution:aspwebcalendar	full revolution aspwebcalendar	eq	4.5

References

marc.info/?l=bugtraq&m=109604910025090&w=2

secunia.com/advisories/12651

secunia.com/advisories/24622

www.securityfocus.com/bid/11246

www.securityfocus.com/bid/23098

www.vupen.com/english/advisories/2007/1093

exchange.xforce.ibmcloud.com/vulnerabilities/17506

exchange.xforce.ibmcloud.com/vulnerabilities/33157

www.exploit-db.com/exploits/3546

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for CVE-2004-1552

cvelist1 nvd1 nessus1