Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1553

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1553
Last Modified 19 Aug 2009 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1553

Summary

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.

Vulnerable Systems

Application

  • Fullrevolution Aspwebalbum 3.2


References

XF - aspwebalbum-album-sql-injection(44877)

XF - aspwebalbum-image-file-upload(44876)

XF - aspwebalbum-sql-injection(17507)

BID - 30996

BID - 11246

MILW0RM - 6420

MILW0RM - 6357

SECUNIA - 31649

OSVDB - 47914

OSVDB - 47913

BUGTRAQ - 20040923 aspWebCalendar /aspWebAlbum: SQL injection


Last Updated: 27 May 2016 10:39:05