Vulnerabilities > CVE-2002-0308 - Remote SQL Injection vulnerability in Stefan Holmberg Admentor 2.11

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

stefan-holmberg

critical

NVD

Published: 2002-05-31

Updated: 2017-07-11

Summary

admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments.

Vulnerable Configurations

Part	Description	Count
Application	Stefan_Holmberg Stefan Holmberg Admentor 2.11	1

References

http://marc.info/?l=bugtraq&m=101430885516675&w=2
http://www.securityfocus.com/bid/4152
https://exchange.xforce.ibmcloud.com/vulnerabilities/8245