1. CVE-Search
  2. CVE-2004-1555
ID CVE-2004-1555
Summary Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.
References
Vulnerable Configurations
  • cpe:2.3:a:broadboard_instant:asp_message_board:*:*:*:*:*:*:*:*
    cpe:2.3:a:broadboard_instant:asp_message_board:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 11250
bugtraq 20040926 SQL injection in BroadBoard Instant ASP Message Board
sectrack 1011419
secunia 12658
xf
  • broadboard-forgotasp-sql-injection(17502)
  • broadboard-profileasp-sql-injection(17500)
  • broadboard-reg2asp-sql-injection(17501)
  • broadboard-searchasp-sql-injection(17498)
Last major update 11-07-2017 - 01:31
Published 31-12-2004 - 05:00
Last modified 11-07-2017 - 01:31
Back to Top