Vulnerability Description
WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Workforceroi | Xpede | 4.1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8903.phpVendor Advisory
- http://www.securityfocus.com/bid/4555Vendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8903.phpVendor Advisory
- http://www.securityfocus.com/bid/4555Vendor Advisory
FAQ
What is CVE-2002-0581?
CVE-2002-0581 is a vulnerability with a CVSS score of 7.5 (HIGH). WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script.
How severe is CVE-2002-0581?
CVE-2002-0581 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0581?
Check the references section above for vendor advisories and patch information. Affected products include: Workforceroi Xpede.