Vulnerabilities > CVE-2004-2202 - Unspecified vulnerability in Duware Duclassified 4.0/4.1/4.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | DUclassified 4.x adDetail.asp Multiple Parameter SQL Injection. CVE-2004-2202. Webapps exploit for asp platform |
id | EDB-ID:24671 |
last seen | 2016-02-02 |
modified | 2004-10-11 |
published | 2004-10-11 |
reporter | Soroosh Dalili |
source | https://www.exploit-db.com/download/24671/ |
title | DUclassified 4.x adDetail.asp Multiple Parameter SQL Injection |
Nessus
NASL family | CGI abuses |
NASL id | DUWARE_MULTIPLE_FLAWS.NASL |
description | The remote host is running a product published by DUware - either DUclassmate, DUclassified or DUforum. There is a flaw in the remote version of this software that could allow an attacker to execute arbitrary SQL statements on the remote host by supplying malformed values to the arguments of /admin/, messages.asp or messagesDetails.asp. In addition, DUclassified contains a cross-site scripting vulnerability in Message Text handling. DUclassmate contains an unauthorized password manipulation issue in account.asp. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15453 |
published | 2004-10-11 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15453 |
title | DUware Products Multiple Remote Vulnerabilities (SQLi, XSS) |
code |
|
References
- http://www.osvdb.org/10668
- http://www.osvdb.org/10668
- http://www.osvdb.org/10669
- http://www.osvdb.org/10669
- http://www.securityfocus.com/bid/11363
- http://www.securityfocus.com/bid/11363
- http://www.securitytracker.com/alerts/2004/Oct/1011596.html
- http://www.securitytracker.com/alerts/2004/Oct/1011596.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17685
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17685