Vulnerabilities > CVE-2004-2322 - SQL-Injection vulnerability in Phpwebsite

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

phpwebsite

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.

Vulnerable Configurations

Part	Description	Count
Application	Phpwebsite Phpwebsite Phpwebsite 0.9.0 Phpwebsite Phpwebsite 0.9.1 Phpwebsite Phpwebsite 0.9.2 Phpwebsite Phpwebsite 0.9.2.1 Phpwebsite Phpwebsite 0.9.3 Phpwebsite Phpwebsite 0.9.3.1	6

References

http://secunia.com/advisories/10878/
http://sourceforge.net/tracker/index.php?func=detail&aid=892174&group_id=15539&atid=115539
http://www.osvdb.org/3852
http://www.securitytracker.com/alerts/2004/Feb/1009045.html
http://www.systemsecure.org/advisories/ssadvisory13022004.php
http://www.zone-h.com/advisories/read/id=3955
https://exchange.xforce.ibmcloud.com/vulnerabilities/15219