Vulnerability Description
SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gosmart | Gosmart Message Board | All versions |
References
- http://marc.info/?l=bugtraq&m=109751522823011&w=2
- http://secunia.com/advisories/12790/Vendor Advisory
- http://www.securityfocus.com/bid/11361Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17678
- http://marc.info/?l=bugtraq&m=109751522823011&w=2
- http://secunia.com/advisories/12790/Vendor Advisory
- http://www.securityfocus.com/bid/11361Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17678
FAQ
What is CVE-2004-1588?
CVE-2004-1588 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password ...
How severe is CVE-2004-1588?
CVE-2004-1588 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1588?
Check the references section above for vendor advisories and patch information. Affected products include: Gosmart Gosmart Message Board.