Vulnerability Description
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Full Revolution | Aspwebcalendar | 4.5 |
References
- http://marc.info/?l=bugtraq&m=109604910025090&w=2
- http://secunia.com/advisories/12651Vendor Advisory
- http://secunia.com/advisories/24622
- http://www.securityfocus.com/bid/11246Exploit
- http://www.securityfocus.com/bid/23098
- http://www.vupen.com/english/advisories/2007/1093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17506
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33157
- https://www.exploit-db.com/exploits/3546
- http://marc.info/?l=bugtraq&m=109604910025090&w=2
- http://secunia.com/advisories/12651Vendor Advisory
- http://secunia.com/advisories/24622
- http://www.securityfocus.com/bid/11246Exploit
- http://www.securityfocus.com/bid/23098
- http://www.vupen.com/english/advisories/2007/1093
FAQ
What is CVE-2004-1552?
CVE-2004-1552 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
How severe is CVE-2004-1552?
CVE-2004-1552 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1552?
Check the references section above for vendor advisories and patch information. Affected products include: Full Revolution Aspwebcalendar.