Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2004-1553
HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1553

2005-02-2005:00:00
CWE-89
mitre
web.nvd.nist.gov
46
sql injection
aspwebalbum
remote attackers
arbitrary sql statements
vulnerability
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

59.4%

JSON

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.

Affected configurations

Nvd
Node
fullrevolutionaspwebalbumMatch3.2
VendorProductVersionCPE
fullrevolutionaspwebalbum3.2cpe:2.3:a:fullrevolution:aspwebalbum:3.2:*:*:*:*:*:*:*

Related

nvd 1
cvelist 1
nessus 1
exploitdb 2
nvd
nvd
CVE-2004-1553
2004-12-31 05:00:00
cvelist
cvelist
CVE-2004-1553
2005-02-20 05:00:00
nessus
nessus
aspWebAlbum album.asp SQL Injection
2004-09-24 00:00:00
exploitdb
exploitdb
aspwebalbum 3.2 - Multiple Vulnerabilities
2008-09-10 00:00:00
aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
2008-09-03 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

59.4%

JSON
Related for CVE-2004-1553
nvd1cvelist1nessus1exploitdb2