Vulnerability Description
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fullrevolution | Aspwebalbum | 3.2 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=109604910025090&w=2
- http://osvdb.org/47913
- http://osvdb.org/47914
- http://secunia.com/advisories/31649Vendor Advisory
- http://www.securityfocus.com/bid/11246Exploit
- http://www.securityfocus.com/bid/30996Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17507
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44876
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44877
- https://www.exploit-db.com/exploits/6357
- https://www.exploit-db.com/exploits/6420
- http://marc.info/?l=bugtraq&m=109604910025090&w=2
- http://osvdb.org/47913
- http://osvdb.org/47914
- http://secunia.com/advisories/31649Vendor Advisory
FAQ
What is CVE-2004-1553?
CVE-2004-1553 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was...
How severe is CVE-2004-1553?
CVE-2004-1553 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1553?
Check the references section above for vendor advisories and patch information. Affected products include: Fullrevolution Aspwebalbum.