Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2322

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2322
Last Modified 05 Sep 2008 04:43:48
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2322

Summary

SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.

Vulnerable Systems

Application

  • Phpwebsite 0.9.0

  • Phpwebsite 0.9.1

  • Phpwebsite 0.9.2

  • Phpwebsite 0.9.2.1

  • Phpwebsite 0.9.3

  • Phpwebsite 0.9.3.1


References

XF - phpwebsite-announce-sql-injection(15219)

MISC - http://www.zone-h.com/advisories/read/id=3955

MISC - http://www.systemsecure.org/advisories/ssadvisory13022004.php

SECTRACK - 1009045

OSVDB - 3852

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=892174&group_id=15539&atid=115539

SECUNIA - 10878


Last Updated: 27 May 2016 10:39:26