CVE-2002-1499

Sažetak

Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html
http://online.securityfocus.com/archive/1/290021
http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
http://www.iss.net/security_center/static/10000.php
http://www.securityfocus.com/bid/5600

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-09-2008 - 20:30

Objavljeno

02-04-2003 - 05:00