CVE-2004-0272
CVE-2004-0272 describes an SQL injection vulnerability in MaxWebPortal that allows remote attackers to inject arbitrary SQL via the SendTo parameter in Personal Messages, potentially exposing sensitive information. The NVD reports a CVSS v2 base score of 7.5 (HIGH) with network access, low attack...