Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0874

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0874
Last Modified 05 Sep 2008 04:35:29
Published 17 Nov 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0874

Summary

Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen.

Vulnerable Systems

Application

  • Deskpro 1.1 .0


References

BID - 8856

MISC - http://www.securiteam.com/unixfocus/6R0052K8KM.html

XF - deskpro-multiple-sql-injection(13391)

BUGTRAQ - 20031020 Multiple SQL Injection Vulnerabilities in DeskPRO


Last Updated: 27 May 2016 10:38:05