Vulnerability Details CVE-2004-1552
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.043
EPSS Ranking 88.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=109604910025090&w=2
- http://secunia.com/advisories/12651
- http://secunia.com/advisories/24622
- http://www.securityfocus.com/bid/11246
- http://www.securityfocus.com/bid/23098
- http://www.vupen.com/english/advisories/2007/1093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17506
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33157
- https://www.exploit-db.com/exploits/3546
- http://marc.info/?l=bugtraq&m=109604910025090&w=2
- http://secunia.com/advisories/12651
- http://secunia.com/advisories/24622
- http://www.securityfocus.com/bid/11246
- http://www.securityfocus.com/bid/23098
- http://www.vupen.com/english/advisories/2007/1093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17506
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33157
- https://www.exploit-db.com/exploits/3546
Products affected by CVE-2004-1552
-
cpe:2.3:a:full_revolution:aspwebcalendar:4.5