1.1Beta

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

factosystem

exploit available

NVD

Published: 2003-04-02

Updated: 2008-09-05

Summary

Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.

Vulnerable Configurations

Part	Description	Count
Application	Factosystem Factosystem Factosystem Weblog 0.9B Factosystem Factosystem Weblog 1.0_Beta Factosystem Factosystem Weblog 1.1_Beta	3

Exploit-Db

description	FactoSystem Weblog 0.9/1.0/1.1 Multiple SQL Injection Vulnerabilities. CVE-2002-1499. Webapps exploit for asp platform
id	EDB-ID:21766
last seen	2016-02-02
modified	2002-08-31
published	2002-08-31
reporter	Matthew Murphy
source	https://www.exploit-db.com/download/21766/
title	FactoSystem Weblog 0.9/1.0/1.1 - Multiple SQL Injection Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

References