Nextweb: >> Nextweb (I)site Security Vulnerabilities
SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.
CVSS Score
7.5
EPSS Score
0.018
Published
2005-06-01
NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb.
CVSS Score
5.0
EPSS Score
0.007
Published
2005-06-01
NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files.
CVSS Score
5.0
EPSS Score
0.029
Published
2005-06-01