Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1348

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1348
Last Modified 05 Sep 2008 04:26:19
Published 28 May 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1348

Summary

TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.

Vulnerable Systems

Application

  • Twig Development Team Twig 2.0

  • Twig Development Team Twig 2.0 Beta1

  • Twig Development Team Twig 2.0 Beta2

  • Twig Development Team Twig 2.0 Beta3

  • Twig Development Team Twig 2.0.1

  • Twig Development Team Twig 2.0.2

  • Twig Development Team Twig 2.0.3

  • Twig Development Team Twig 2.1

  • Twig Development Team Twig 2.1.1

  • Twig Development Team Twig 2.2

  • Twig Development Team Twig 2.2.1

  • Twig Development Team Twig 2.2.2

  • Twig Development Team Twig 2.2.3

  • Twig Development Team Twig 2.3

  • Twig Development Team Twig 2.3.1

  • Twig Development Team Twig 2.3.2

  • Twig Development Team Twig 2.4

  • Twig Development Team Twig 2.5

  • Twig Development Team Twig 2.5.1

  • Twig Development Team Twig 2.6

  • Twig Development Team Twig 2.6.1


References

BID - 2791

XF - twig-webmail-query-modification(6619)

MISC - http://twig.screwdriver.net/index.php3

BUGTRAQ - 20010528 TWIG SQL query bugs


Last Updated: 27 May 2016 10:36:38