Lucene search

[email protected]CVE-2004-2202

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2202

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-2202

sql injection

duware duclassified

authentication bypass

remote attack

server database

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.5%

JSON

Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server’s underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.

CPENameOperatorVersion
duware:duclassifiedduware duclassifiedeq4.1
duware:duclassifiedduware duclassifiedeq4.0
duware:duclassifiedduware duclassifiedeq4.2

CPE	Name	Operator	Version
duware:duclassified	duware duclassified	eq	4.1
duware:duclassified	duware duclassified	eq	4.0
duware:duclassified	duware duclassified	eq	4.2

References

www.osvdb.org/10668

www.osvdb.org/10669

www.securityfocus.com/bid/11363

www.securitytracker.com/alerts/2004/Oct/1011596.html

exchange.xforce.ibmcloud.com/vulnerabilities/17685

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVE-2004-2202

nessus1