Vulnerabilities > CVE-2002-1499 - Unspecified vulnerability in Factosystem Weblog 0.9B/1.0Beta/1.1Beta
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN factosystem
exploit available
Summary
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | FactoSystem Weblog 0.9/1.0/1.1 Multiple SQL Injection Vulnerabilities. CVE-2002-1499. Webapps exploit for asp platform |
| id | EDB-ID:21766 |
| last seen | 2016-02-02 |
| modified | 2002-08-31 |
| published | 2002-08-31 |
| reporter | Matthew Murphy |
| source | https://www.exploit-db.com/download/21766/ |
| title | FactoSystem Weblog 0.9/1.0/1.1 - Multiple SQL Injection Vulnerabilities |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html
- http://online.securityfocus.com/archive/1/290021
- http://online.securityfocus.com/archive/1/290021
- http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
- http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
- http://www.iss.net/security_center/static/10000.php
- http://www.iss.net/security_center/static/10000.php
- http://www.securityfocus.com/bid/5600
- http://www.securityfocus.com/bid/5600