CVE-2004-2161 - Remote Input Validation vulnerability in Tutos 1.120040414
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | TUTOS file_overview.php link_id Parameter SQL Injection. CVE-2004-2161. Webapps exploit for php platform |
id | EDB-ID:24616 |
last seen | 2016-02-02 |
modified | 2004-09-20 |
published | 2004-09-20 |
reporter | Joxean Koret |
source | https://www.exploit-db.com/download/24616/ |
title | TUTOS file_overview.php link_id Parameter SQL Injection |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-980.NASL |
description | Joxean Koret discovered several security problems in tutos, a web-based team organization software. The Common Vulnerabilities and Exposures Project identifies the following problems: - CVE-2004-2161 A SQL injection vulnerability allows the execution of SQL commands through the link_id parameter in file_overview.php. - CVE-2004-2162 Cross-Site-Scripting vulnerabilities in the search function of the address book and in app_new.php allow the execution of web script code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22846 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22846 |
title | Debian DSA-980-1 : tutos - several vulnerabilities |

NASL family | CGI abuses |
NASL id | TUTOS_SQL_XSS.NASL |
description | The remote host is running Tutos, an open source team organization software package written in PHP. The remote version of this software is vulnerable to multiple input validation flaws that could allow an authenticated user to perform a cross-site scripting attack or a SQL injection against the remote service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14784 |
published | 2004-09-21 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14784 |
title | TUTOS < 1.2 Multiple Input Validation Vulnerabilities |
References
- http://cvs.sourceforge.net/viewcvs.py/tutos/tutos/php/file/file_overview.php?r1=1.11.2.1&r2=1.11.2.2
- http://secunia.com/advisories/12606/
- http://secunia.com/advisories/18954
- http://securitytracker.com/id?1011363
- http://www.debian.org/security/2006/dsa-980
- http://www.osvdb.org/10164
- http://www.securityfocus.com/archive/1/375757
- http://www.securityfocus.com/bid/11221
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17444