Vulnerability Description
SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maxwebportal | Maxwebportal | 1.30 |
References
- http://marc.info/?l=bugtraq&m=107643014606515&w=2
- http://www.securityfocus.com/bid/9625ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15121
- http://marc.info/?l=bugtraq&m=107643014606515&w=2
- http://www.securityfocus.com/bid/9625ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15121
FAQ
What is CVE-2004-0272?
CVE-2004-0272 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.
How severe is CVE-2004-0272?
CVE-2004-0272 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0272?
Check the references section above for vendor advisories and patch information. Affected products include: Maxwebportal Maxwebportal.