CVE-2004-2324

SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/9518	Patch
http://www.osvdb.org/3750
http://secunia.com/advisories/10747
https://exchange.xforce.ibmcloud.com/vulnerabilities/14973

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9:::::::*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-2324

Mitre link : CVE-2004-2324

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

dotnetnuke

dotnetnuke

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html", "name": "20040128 Dotnetnuke Multiple Vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.securityfocus.com/bid/9518", "name": "9518", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.osvdb.org/3750", "name": "3750", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/10747", "name": "10747", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14973", "name": "dotnetnuke-multiple-sql-injection(14973)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2324", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}