Back to search
CVE-2004-1553
Published: Feb 20, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
11246
vdb-entry
x_refsource_BID
31649
third-party-advisory
x_refsource_SECUNIA
30996
vdb-entry
x_refsource_BID
aspwebalbum-album-sql-injection(44877)
vdb-entry
x_refsource_XF
20040923 aspWebCalendar /aspWebAlbum: SQL injection
mailing-list
x_refsource_BUGTRAQ
6420
exploit
x_refsource_EXPLOIT-DB
6357
exploit
x_refsource_EXPLOIT-DB
47913
vdb-entry
x_refsource_OSVDB
47914
vdb-entry
x_refsource_OSVDB
aspwebalbum-image-file-upload(44876)
vdb-entry
x_refsource_XF
aspwebalbum-sql-injection(17507)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now