Vulnerability CVE-2004-2542


Published: 2004-12-31   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Dynix -> Webpac 

 References:
http://xforce.iss.net/xforce/xfdb/17128
http://www.securityfocus.com/bid/11037
http://www.osvdb.org/9274
http://securitytracker.com/id?1011073
http://archives.neohapsis.com/archives/bugtraq/2004-08/0354.html

Copyright 2024, cxsecurity.com

 

Back to Top