Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0272


Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0272
Last Modified 05 Sep 2008 04:37:59
Published 23 Nov 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.

Vulnerable Systems


  • Maxwebportal 1.30

  • Maxwebportal 1.31


XF - maxwebportal-personalmesssages-sql-injection(15121)

BID - 9625

BUGTRAQ - 20040210 XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal

Last Updated: 27 May 2016 10:38:32