Lucene search

[email protected]CVE-2004-1654

HistorySep 01, 2004 - 4:00 a.m.

CVE-2004-1654

2004-09-0104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

phpwebsite

calendar module

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON

SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template.

CPENameOperatorVersion
phpwebsite:phpwebsitephpwebsiteeq0.9.3.4
phpwebsite:phpwebsitephpwebsiteeq0.8.2
phpwebsite:phpwebsitephpwebsiteeq0.9.3
phpwebsite:phpwebsitephpwebsiteeq0.8.3
phpwebsite:phpwebsitephpwebsiteeq0.7.3

CPE	Name	Operator	Version
phpwebsite:phpwebsite	phpwebsite	eq	0.9.3.4
phpwebsite:phpwebsite	phpwebsite	eq	0.8.2
phpwebsite:phpwebsite	phpwebsite	eq	0.9.3
phpwebsite:phpwebsite	phpwebsite	eq	0.8.3
phpwebsite:phpwebsite	phpwebsite	eq	0.7.3

References

marc.info/?l=bugtraq&m=109413493005513&w=2

secunia.com/advisories/12438

www.gulftech.org/?node=research&article_id=00048-08312004

www.phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANN_id=822

www.securityfocus.com/bid/11088

exchange.xforce.ibmcloud.com/vulnerabilities/17199

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2004-1654

cvelist1