Lucene search

MitreCVE-2004-2471

HistoryAug 20, 2005 - 4:00 a.m.

CVE-2004-2471

2005-08-2004:00:00

mitre

web.nvd.nist.gov

cve-2004-2471

sql injection

sloth tcl script

quoteengine

remote attackers

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.003

Percentile

66.3%

JSON

SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

Affected configurations

Nvd

Node

jamesoffquoteengineMatch1.0

jamesoffquoteengineMatch1.1

VendorProductVersionCPE
jamesoffquoteengine1.0cpe:2.3:a:jamesoff:quoteengine:1.0:*:*:*:*:*:*:*
jamesoffquoteengine1.1cpe:2.3:a:jamesoff:quoteengine:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jamesoff	quoteengine	1.0	cpe:2.3:a:jamesoff:quoteengine:1.0:::::::*
jamesoff	quoteengine	1.1	cpe:2.3:a:jamesoff:quoteengine:1.1:::::::*

References

secunia.com/advisories/11255

sourceforge.net/project/shownotes.php?release_id=227554

www.securityfocus.com/bid/10017

exchange.xforce.ibmcloud.com/vulnerabilities/15685

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.003

Percentile

66.3%

JSON

Related for CVE-2004-2471