Lucene search

MitreCVE-2004-1555

HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1555

2005-02-2005:00:00

mitre

web.nvd.nist.gov

sql injection

broadboard

instant asp

message board

vulnerabilities

remote attackers

arbitrary sql commands

search.asp

profile.asp

reg2.asp

forgot.asp

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.006

Percentile

79.2%

JSON

Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.

Affected configurations

Nvd

Node

broadboard_instantasp_message_board

VendorProductVersionCPE
broadboard_instantasp_message_board*cpe:2.3:a:broadboard_instant:asp_message_board:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
broadboard_instant	asp_message_board	*	cpe:2.3:a:broadboard_instant:asp_message_board::::::::

References

marc.info/?l=bugtraq&m=109630777608244&w=2

secunia.com/advisories/12658

securitytracker.com/id?1011419

www.securityfocus.com/bid/11250

exchange.xforce.ibmcloud.com/vulnerabilities/17498

exchange.xforce.ibmcloud.com/vulnerabilities/17500

exchange.xforce.ibmcloud.com/vulnerabilities/17501

exchange.xforce.ibmcloud.com/vulnerabilities/17502

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.006

Percentile

79.2%

JSON

Related for CVE-2004-1555