CVE-2004-2324

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

S

QL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html	Patch Vendor Advisory
http://secunia.com/advisories/10747
http://www.osvdb.org/3750
http://www.securityfocus.com/bid/9518	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/14973
http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html	Patch Vendor Advisory
http://secunia.com/advisories/10747
http://www.osvdb.org/3750
http://www.securityfocus.com/bid/9518	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/14973

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d:::::::*

History

20 Nov 2024, 23:53

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html - Patch, Vendor Advisory~~	() http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html - Patch, Vendor Advisory
References	~~() http://secunia.com/advisories/10747 -~~	() http://secunia.com/advisories/10747 -
References	~~() http://www.osvdb.org/3750 -~~	() http://www.osvdb.org/3750 -
References	~~() http://www.securityfocus.com/bid/9518 - Patch~~	() http://www.securityfocus.com/bid/9518 - Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/14973 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/14973 -

Information

Published : 2004-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-2324

Mitre link : CVE-2004-2324

CVE.ORG link : CVE-2004-2324

JSON object : View

Products Affected

dotnetnuke

CWE

NVD-CWE-Other

{"id": "CVE-2004-2324", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://secunia.com/advisories/10747", "source": "[email protected]"}, {"url": "http://www.osvdb.org/3750", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/9518", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14973", "source": "[email protected]"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/10747", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/3750", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/9518", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14973", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4300BB9D-1A72-4005-AA68-35DB57A551E1"}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "797726FF-24E9-415A-AC8B-2AE3301F8824"}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6BB8DE-9497-42D7-A29D-BCAC75337A96"}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54AB8E47-5484-4449-88BA-90F0CCED285A"}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B111556A-56AC-413C-A1B7-D973492BA8F5"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}