CVE-2004-1552

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.

Ссылки

http://marc.info/?l=bugtraq&m=109604910025090&w=2
http://secunia.com/advisories/12651
Vendor Advisory
http://secunia.com/advisories/24622
http://www.securityfocus.com/bid/11246
Exploit
http://www.securityfocus.com/bid/23098
http://www.vupen.com/english/advisories/2007/1093
https://exchange.xforce.ibmcloud.com/vulnerabilities/17506
https://exchange.xforce.ibmcloud.com/vulnerabilities/33157
https://www.exploit-db.com/exploits/3546
http://marc.info/?l=bugtraq&m=109604910025090&w=2
http://secunia.com/advisories/12651
Vendor Advisory
http://secunia.com/advisories/24622
http://www.securityfocus.com/bid/11246
Exploit
http://www.securityfocus.com/bid/23098
http://www.vupen.com/english/advisories/2007/1093
https://exchange.xforce.ibmcloud.com/vulnerabilities/17506
https://exchange.xforce.ibmcloud.com/vulnerabilities/33157
https://www.exploit-db.com/exploits/3546

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:full_revolution:aspwebcalendar:4.5:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04304

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9v8v-2gvj-6xgw

github

почти 4 года назад