CVE-2004-2202

2004-12-31T05:00:00
ID CVE-2004-2202
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:31:00

Description

Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.