ID |
CVE-2003-0557
|
Summary |
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field. This issue was addressed in a hot fix for StoreFront 6.1 in late January 2004. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 18-10-2016 - 02:35) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bugtraq | 20030712 ZH2003-3SA (security advisory): Storefront sql injection: users |
|
Last major update |
18-10-2016 - 02:35 |
Published |
18-08-2003 - 04:00 |
Last modified |
18-10-2016 - 02:35 |