Vulnerability Details CVE-2002-0555
IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html
- http://www.iss.net/security_center/static/8827.php
- http://www.securityfocus.com/bid/4498
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html
- http://www.iss.net/security_center/static/8827.php
- http://www.securityfocus.com/bid/4498
Products affected by CVE-2002-0555
-
cpe:2.3:a:ibm:informix_web_datablade:4.10
-
cpe:2.3:a:ibm:informix_web_datablade:4.11
-
cpe:2.3:a:ibm:informix_web_datablade:4.12
-
cpe:2.3:a:ibm:informix_web_datablade:4.13