CVE-2003-1350 : List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a

List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.

Published 2003-12-31 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2003-1350

List Site Pro » List Site Pro » Version: 2.0
cpe:2.3:a:list_site_pro:list_site_pro:2.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2003-1350

EPSS FAQ

3.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2003-1350

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2003-1350

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2003-1350

https://exchange.xforce.ibmcloud.com/vulnerabilities/11156

List Site PRO account hijacking CVE-2003-1350 Vulnerability Report
http://securityreason.com/securityalert/3230
http://www.securityfocus.com/archive/1/308300

Exploit
http://www.securityfocus.com/bid/6685

Exploit

Jump to

Vulnerability Details : CVE-2003-1350

Products affected by CVE-2003-1350

Exploit prediction scoring system (EPSS) score for CVE-2003-1350

CVSS scores for CVE-2003-1350

CWE ids for CVE-2003-1350

References for CVE-2003-1350