Lucene search

[email protected]CVE-2004-1952

HistoryApr 23, 2004 - 4:00 a.m.

CVE-2004-1952

2004-04-2304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-1952

sql injection

advanced guestbook

remote attackers

arbitrary sql commands

gain privileges

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password.

CPENameOperatorVersion
advanced_guestbook:advanced_guestbookadvanced guestbookeq2.2

CPE	Name	Operator	Version
advanced_guestbook:advanced_guestbook	advanced guestbook	eq	2.2

References

archives.neohapsis.com/archives/bugtraq/2005-02/0138.html

marc.info/?l=bugtraq&m=108258046402890&w=2

www.securityfocus.com/bid/10209

exchange.xforce.ibmcloud.com/vulnerabilities/15892

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON