Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1555

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1555
Last Modified 05 Sep 2008 04:41:43
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1555

Summary

Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.

Vulnerable Systems

Application

  • Broadboard Instant Asp Message Board


References

XF - broadboard-forgotasp-sql-injection(17502)

XF - broadboard-reg2asp-sql-injection(17501)

XF - broadboard-profileasp-sql-injection(17500)

XF - broadboard-searchasp-sql-injection(17498)

BID - 11250

SECUNIA - 12658

BUGTRAQ - 20040926 SQL injection in BroadBoard Instant ASP Message Board

SECTRACK - 1011419


Last Updated: 27 May 2016 10:39:05