Vulnerabilities > CVE-2004-1843 - SQL Injection vulnerability in Expinion.net Member Management System ID Parameter

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
expinion-net
exploit available
NVD
Published: 2004-03-20
Updated: 2017-07-11

Summary

SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp.

Vulnerable Configurations

Part Description Count
Application
Expinion.Net
1

Exploit-Db

  • descriptionExpinion.net Member Management System 2.1 resend.asp ID Parameter SQL Injection. CVE-2004-1843. Webapps exploit for asp platform
    idEDB-ID:23852
    last seen2016-02-02
    modified2004-03-20
    published2004-03-20
    reporterManuel Lopez
    sourcehttps://www.exploit-db.com/download/23852/
    titleExpinion.net Member Management System 2.1 resend.asp ID Parameter SQL Injection
  • descriptionExpinion.net Member Management System 2.1 news_view.asp ID Parameter SQL Injection. CVE-2004-1843. Webapps exploit for asp platform
    idEDB-ID:23851
    last seen2016-02-02
    modified2004-03-20
    published2004-03-20
    reporterManuel Lopez
    sourcehttps://www.exploit-db.com/download/23851/
    titleExpinion.net Member Management System 2.1 news_view.asp ID Parameter SQL Injection

References