CyberSec.Space Logo
Back to CVE Browser

CVE-2004-2443

HIGH
7.5
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile31.02th
PublishedDec 31, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.

Affected Platforms (CPE)

πŸ“¦
Jaws

Jaws

= 0.2
πŸ“¦
Jaws

Jaws

= 0.3

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html
πŸ”— http://securitytracker.com/id?1010651
πŸ”— http://www.osvdb.org/7724
πŸ”— http://www.securityfocus.com/bid/10670
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/16622
πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html
πŸ”— http://securitytracker.com/id?1010651
πŸ”— http://www.osvdb.org/7724

Related Vulnerabilities

CVE-2016-200169.8

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI....

CVE-2006-32927.5

SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queri...

CVE-2004-20677.5

SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to exe...

CVE-2019-253337.5

Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access sys...