CVE-2004-2067

Sažetak

SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.

Reference

http://marc.info/?l=bugtraq&m=109116345930380&w=2
http://securitytracker.com/id?1010815
http://www.jaws.com.mx/index.php?gadget=blog&action=single_view&id=10
http://www.osvdb.org/8320
http://www.securityfocus.com/bid/10826
https://exchange.xforce.ibmcloud.com/vulnerabilities/16847

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:31

Objavljeno

29-07-2004 - 04:00