Lucene search

[email protected]CVE-2004-2202

HistoryJul 10, 2005 - 4:00 a.m.

CVE-2004-2202

2005-07-1004:00:00

[email protected]

web.nvd.nist.gov

cve-2004-2202

sql injection

duware duclassified

authentication bypass

remote attack

server database

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.1%

JSON

Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server’s underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.

Affected configurations

NVD

Node

duwareduclassifiedMatch4.0

duwareduclassifiedMatch4.1

duwareduclassifiedMatch4.2

CPENameOperatorVersion
duware:duclassifiedduware duclassifiedeq4.0
duware:duclassifiedduware duclassifiedeq4.1
duware:duclassifiedduware duclassifiedeq4.2

CPE	Name	Operator	Version
duware:duclassified	duware duclassified	eq	4.0
duware:duclassified	duware duclassified	eq	4.1
duware:duclassified	duware duclassified	eq	4.2

References

www.osvdb.org/10668

www.osvdb.org/10669

www.securityfocus.com/bid/11363

www.securitytracker.com/alerts/2004/Oct/1011596.html

exchange.xforce.ibmcloud.com/vulnerabilities/17685

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for CVE-2004-2202

nvd1 cvelist1 nessus1