Lucene search

[email protected]CVE-2004-1952

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1952

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1952

sql injection

advanced guestbook

remote attackers

arbitrary sql commands

gain privileges

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.5%

JSON

SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password.

Affected configurations

NVD

Node

advanced_guestbookadvanced_guestbookMatch2.2

CPENameOperatorVersion
advanced_guestbook:advanced_guestbookadvanced guestbookeq2.2

CPE	Name	Operator	Version
advanced_guestbook:advanced_guestbook	advanced guestbook	eq	2.2

References

archives.neohapsis.com/archives/bugtraq/2005-02/0138.html

marc.info/?l=bugtraq&m=108258046402890&w=2

www.securityfocus.com/bid/10209

exchange.xforce.ibmcloud.com/vulnerabilities/15892

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.5%

JSON

Related for CVE-2004-1952

nvd1 cvelist1