CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-1402

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile3.61th
Published2004年12月31日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.

Affected Platforms (CPE)

📦
Iwebnegar

Iwebnegar

All versions

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110314454810163&w=2
🔗 http://www.securityfocus.com/bid/11946
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18505
🔗 http://marc.info/?l=bugtraq&m=110314454810163&w=2
🔗 http://www.securityfocus.com/bid/11946
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18505

関連する脆弱性情報

CVE-2006-44977.5

SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id ...

CVE-2006-44964.3

Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script o...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...