CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1402

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile3.61th
PublishedDec 31, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.

Affected Platforms (CPE)

πŸ“¦
Iwebnegar

Iwebnegar

All versions

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110314454810163&w=2
πŸ”— http://www.securityfocus.com/bid/11946
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18505
πŸ”— http://marc.info/?l=bugtraq&m=110314454810163&w=2
πŸ”— http://www.securityfocus.com/bid/11946
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18505

Related Vulnerabilities

CVE-2006-44977.5

SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id ...

CVE-2006-44964.3

Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script o...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...