CVE-2004-1553

EPSS 2.4%

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/6420unverified cve_referencewww.exploit-db.com/exploits/6357unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://marc.info/?l=bugtraq&m=109604910025090&w=2 http://osvdb.org/47913 http://osvdb.org/47914 http://secunia.com/advisories/31649 https://exchange.xforce.ibmcloud.com/vulnerabilities/17507 https://exchange.xforce.ibmcloud.com/vulnerabilities/44876 https://exchange.xforce.ibmcloud.com/vulnerabilities/44877 https://www.exploit-db.com/exploits/6357 https://www.exploit-db.com/exploits/6420 http://www.securityfocus.com/bid/11246 http://www.securityfocus.com/bid/30996