Vulnerabilities > CVE-2002-1499 - SQL Injection vulnerability in Factosystem Weblog 0.9B/1.0Beta/1.1Beta
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | FactoSystem Weblog 0.9/1.0/1.1 Multiple SQL Injection Vulnerabilities. CVE-2002-1499. Webapps exploit for asp platform |
id | EDB-ID:21766 |
last seen | 2016-02-02 |
modified | 2002-08-31 |
published | 2002-08-31 |
reporter | Matthew Murphy |
source | https://www.exploit-db.com/download/21766/ |
title | FactoSystem Weblog 0.9/1.0/1.1 - Multiple SQL Injection Vulnerabilities |