7.5
CVE-2004-2324
- EPSS 1.22%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:09:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dnnsoftware ≫ Dotnetnuke Version1.0.6
Dnnsoftware ≫ Dotnetnuke Version1.0.7
Dnnsoftware ≫ Dotnetnuke Version1.0.8
Dnnsoftware ≫ Dotnetnuke Version1.0.9
Dnnsoftware ≫ Dotnetnuke Version1.0.10d
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.22% | 0.648 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html
http://secunia.com/advisories/10747
http://www.securityfocus.com/bid/9518
http://www.osvdb.org/3750
https://exchange.xforce.ibmcloud.com/vulnerabilities/14973