Vulnerabilities > CVE-2004-1955 - Multiple vulnerability in PHProfession 2.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
phprofession
exploit available
NVD
Published: 2004-12-31
Updated: 2017-07-11

Summary

SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter.

Vulnerable Configurations

Part Description Count
Application
Phprofession
1

Exploit-Db

descriptionphProfession 2.5 modules.php offset Parameter SQL Injection. CVE-2004-1955. Webapps exploit for php platform
idEDB-ID:24034
last seen2016-02-02
modified2004-04-23
published2004-04-23
reporterJanek Vind
sourcehttps://www.exploit-db.com/download/24034/
titlephProfession 2.5 modules.php offset Parameter SQL Injection

References