mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
132 lines
4.6 KiB
JSON
132 lines
4.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cve@mitre.org",
|
|
"ID": "CVE-2004-2551",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "8178",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8178"
|
|
},
|
|
{
|
|
"name": "helpbox-multiple-sql-injection(16772)",
|
|
"refsource": "XF",
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16772"
|
|
},
|
|
{
|
|
"name": "12118",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/12118"
|
|
},
|
|
{
|
|
"name": "8179",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8179"
|
|
},
|
|
{
|
|
"name": "http://www.securiteam.com/windowsntfocus/5VP0S0ADFW.html",
|
|
"refsource": "MISC",
|
|
"url": "http://www.securiteam.com/windowsntfocus/5VP0S0ADFW.html"
|
|
},
|
|
{
|
|
"name": "helpbox-url-gain-access(16774)",
|
|
"refsource": "XF",
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16774"
|
|
},
|
|
{
|
|
"name": "8175",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8175"
|
|
},
|
|
{
|
|
"name": "10776",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/10776"
|
|
},
|
|
{
|
|
"name": "8176",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8176"
|
|
},
|
|
{
|
|
"name": "8177",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8177"
|
|
},
|
|
{
|
|
"name": "8172",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8172"
|
|
},
|
|
{
|
|
"name": "8170",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8170"
|
|
},
|
|
{
|
|
"name": "8174",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8174"
|
|
},
|
|
{
|
|
"name": "8171",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8171"
|
|
},
|
|
{
|
|
"name": "8173",
|
|
"refsource": "OSVDB",
|
|
"url": "http://www.osvdb.org/8173"
|
|
}
|
|
]
|
|
}
|
|
} |