Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2324

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2324
Last Modified 05 Sep 2008 04:43:49
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2324

Summary

SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.

Vulnerable Systems

Application

  • Dotnetnuke 1.0.10d

  • Dotnetnuke 1.0.6

  • Dotnetnuke 1.0.7

  • Dotnetnuke 1.0.8

  • Dotnetnuke 1.0.9


References

XF - dotnetnuke-multiple-sql-injection(14973)

BID - 9518

FULLDISC - 20040128 Dotnetnuke Multiple Vulnerabilities

OSVDB - 3750

SECUNIA - 10747


Last Updated: 27 May 2016 10:39:26