CVE-2004-1647 Information

Description

SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp (2) LoginId OPass or NPass to CPassChangePassword.asp (3) users_edit.asp or (4) users_add.asp.

Reference

http://marc.info/?l=bugtraq&m=109414967003192&w=2 http://secunia.com/advisories/12407 http://www.criolabs.net/advisories/passprotect.txt http://www.securityfocus.com/bid/11073 https://exchange.xforce.ibmcloud.com/vulnerabilities/17188