CVE-2004-1555

Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=109630777608244&w=2
http://secunia.com/advisories/12658	Vendor Advisory
http://securitytracker.com/id?1011419
http://www.securityfocus.com/bid/11250	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/17498
https://exchange.xforce.ibmcloud.com/vulnerabilities/17500
https://exchange.xforce.ibmcloud.com/vulnerabilities/17501
https://exchange.xforce.ibmcloud.com/vulnerabilities/17502

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadboard_instant:asp_message_board:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2017-07-11 01:31

NVD link : CVE-2004-1555

Mitre link : CVE-2004-1555

CVE.ORG link : CVE-2004-1555

JSON object : View

Products Affected

broadboard_instant

asp_message_board

CWE

NVD-CWE-Other

7.5 /10