Vulnerabilities > CVE-2005-2066 - SQL Injection vulnerability in Asp-Nuke 0.80

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

asp-nuke

exploit available

NVD

Published: 2005-06-29

Updated: 2016-10-18

Summary

SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter.

Vulnerable Configurations

Part	Description	Count
Application	Asp-Nuke ASP Nuke ASP Nuke 0.80	1

Exploit-Db

description	ASPNuke <= 0.80 (comment_post.asp) SQL Injection Exploit. CVE-2005-2066. Webapps exploit for asp platform
id	EDB-ID:1071
last seen	2016-01-31
modified	2005-06-27
published	2005-06-27
reporter	Alberto Trivero
source	https://www.exploit-db.com/download/1071/
title	ASPNuke <= 0.80 comment_post.asp SQL Injection Exploit

References

http://marc.info/?l=bugtraq&m=111989223906484&w=2
http://marc.info/?l=bugtraq&m=111999188612055&w=2
http://www.securityfocus.com/bid/14064