Vulnerabilities > CVE-2005-2624 - Remote Security vulnerability in Cpaint 1.3Sp

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

cpaint

NVD

Published: 2005-08-19

Updated: 2016-10-18

Summary

Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement.

Vulnerable Configurations

Part	Description	Count
Application	Cpaint Cpaint Cpaint 1.3_Sp	1

References

http://marc.info/?l=bugtraq&m=112421484419768&w=2