CVE-2004-2202 Information

Description

Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server’s underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp or (2) the password parameter in the login form.

Reference

http://www.osvdb.org/10668 http://www.osvdb.org/10669 http://www.securityfocus.com/bid/11363 http://www.securitytracker.com/alerts/2004/Oct/1011596.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17685