CVE-2004-1647

Опубликовано: 30 авг. 2004

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.

Ссылки

http://marc.info/?l=bugtraq&m=109414967003192&w=2
http://secunia.com/advisories/12407
Vendor Advisory
http://www.criolabs.net/advisories/passprotect.txt
URL Repurposed
http://www.securityfocus.com/bid/11073
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17188
http://marc.info/?l=bugtraq&m=109414967003192&w=2
http://secunia.com/advisories/12407
Vendor Advisory
http://www.criolabs.net/advisories/passprotect.txt
URL Repurposed
http://www.securityfocus.com/bid/11073
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17188

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:web_animations:password_protect:*:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00656

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-6m92-qjr5-r83w

github

почти 4 года назад