Vulnerabilities > CVE-2004-1402 - SQL Injection vulnerability in IWebNegar
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | IWebNegar Multiple SQL Injection Vulnerabilities. CVE-2004-1402 . Webapps exploit for php platform |
id | EDB-ID:24842 |
last seen | 2016-02-03 |
modified | 2004-12-15 |
published | 2004-12-15 |
reporter | Shervin Khaleghjou |
source | https://www.exploit-db.com/download/24842/ |
title | IWebNegar Multiple SQL Injection Vulnerabilities |
Nessus
NASL family | CGI abuses |
NASL id | IWEBNEGAR_SQL.NASL |
description | The remote host appears to be running iWebNegar, a web log application written in PHP. There is a flaw in the remote software that may allow anyone to inject arbitrary SQL commands and in turn gain administrative access to the affected application. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15972 |
published | 2004-12-15 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15972 |
title | iWebNegar Multiple Scripts SQL Injection |
code |
|