CyberSec.Space Logo
返回 CVE 浏览器

CVE-2004-1402

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile3.61th
Published2004年12月31日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.

Affected Platforms (CPE)

📦
Iwebnegar

Iwebnegar

All versions

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110314454810163&w=2
🔗 http://www.securityfocus.com/bid/11946
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18505
🔗 http://marc.info/?l=bugtraq&m=110314454810163&w=2
🔗 http://www.securityfocus.com/bid/11946
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18505

相关漏洞威胁

CVE-2006-44977.5

SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id ...

CVE-2006-44964.3

Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script o...

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...