Vulnerability Details : CVE-2004-1555
Potential exploit
Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.
Vulnerability category: Sql Injection
Products affected by CVE-2004-1555
- cpe:2.3:a:broadboard_instant:asp_message_board:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1555
1.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1555
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-1555
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17500
-
http://secunia.com/advisories/12658
About Secunia Research | FlexeraVendor Advisory
-
http://www.securityfocus.com/bid/11250
Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17502
BroadBoard forgot.asp script SQL injection CVE-2004-1555 Vulnerability Report
-
http://securitytracker.com/id?1011419
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17501
-
http://marc.info/?l=bugtraq&m=109630777608244&w=2
'SQL injection in BroadBoard Instant ASP Message Board' - MARC
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17498
BroadBoard search.asp script SQL injection CVE-2004-1555 Vulnerability Report
Jump to