CVE-2004-1553

critical

Description

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.

References

https://www.exploit-db.com/exploits/6420

https://www.exploit-db.com/exploits/6357

https://exchange.xforce.ibmcloud.com/vulnerabilities/44877

https://exchange.xforce.ibmcloud.com/vulnerabilities/44876

https://exchange.xforce.ibmcloud.com/vulnerabilities/17507

http://secunia.com/advisories/31649

http://osvdb.org/47914

http://osvdb.org/47913

http://marc.info/?l=bugtraq&m=109604910025090&w=2

Details

Source: MITRE, NVD

Published: 2004-12-31

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical