QwikSec

Security Database

CVE

CWE

Training

CVE-2002-1499

Published: Mar 18, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

factosystem-asp-sql-injection(10000)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668

x_refsource_MISC

20020830 FactoSystem CMS Contains Multiple Vulnerabilities

mailing-list

x_refsource_VULNWATCH

20020831 FactoSystem CMS Contains Multiple Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.