CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1668

HIGH
7.5
CVSS Severity Score
EPSS Score0.0650%
EPSS Percentile9.66th
PublishedSep 10, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters.

Affected Platforms (CPE)

πŸ“¦
Easyweb

Factory Subjects Module

= 2.0

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=109483089621955&w=2
πŸ”— http://secunia.com/advisories/12497
πŸ”— http://www.securityfocus.com/bid/11148
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17311
πŸ”— http://marc.info/?l=bugtraq&m=109483089621955&w=2
πŸ”— http://secunia.com/advisories/12497
πŸ”— http://www.securityfocus.com/bid/11148
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17311

Related Vulnerabilities

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-090410.0

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-129010.0

Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a...