Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2202

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2202
Last Modified 05 Sep 2008 04:43:28
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2202

Summary

Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.

Vulnerable Systems

Application

  • Duware Duclassified 4.0

  • Duware Duclassified 4.1

  • Duware Duclassified 4.2


References

XF - duclassified-multiple-sql-injection(17685)

SECTRACK - 1011596

BID - 11363

OSVDB - 10669

OSVDB - 10668


Last Updated: 27 May 2016 10:39:23