Published: 31/12/2004 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 up to and including 4.2 allows remote malicious users to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.

Vulnerable Product	Search on Vulmon	Subscribe to Product
duware duclassified 4.0
duware duclassified 4.1
duware duclassified 4.2

source: wwwsecurityfocuscom/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks An attacker may also gain unauthorized access to a user's account DUclassmate may allow unauthorized remote attackers to gain access to a compute ...

NVD-CWE-Other http://www.securityfocus.com/bid/11363 http://www.osvdb.org/10668 http://www.osvdb.org/10669 http://www.securitytracker.com/alerts/2004/Oct/1011596.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17685 https://nvd.nist.gov https://www.exploit-db.com/exploits/24671/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-2202

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect