CVE-2004-1552

critical

Description

SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.

References

https://www.exploit-db.com/exploits/3546

https://exchange.xforce.ibmcloud.com/vulnerabilities/33157

https://exchange.xforce.ibmcloud.com/vulnerabilities/17506

http://www.vupen.com/english/advisories/2007/1093

http://www.securityfocus.com/bid/23098

http://secunia.com/advisories/24622

http://secunia.com/advisories/12651

http://marc.info/?l=bugtraq&m=109604910025090&w=2

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics