7.5
CVE-2002-1499
- EPSS 2.48%
- Veröffentlicht 02.04.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Factosystem ≫ Factosystem Weblog Version0.9b
Factosystem ≫ Factosystem Weblog Version1.0_beta
Factosystem ≫ Factosystem Weblog Version1.1_beta
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.48% | 0.825 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html
http://online.securityfocus.com/archive/1/290021
http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
http://www.iss.net/security_center/static/10000.php
http://www.securityfocus.com/bid/5600