CVE-2004-1402

critical

Description

SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18505

http://marc.info/?l=bugtraq&m=110314454810163&w=2

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H