CVE-2004-2042 - OpenCVE

Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
E107	E107

Configuration 1 [-]

OR	cpe:2.3:a:e107:e107:0.615:::::::*
	cpe:2.3:a:e107:e107:0.615a:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=108588043007224&w=2
http://marc.info/?l=full-disclosure&m=108586723116427&w=2
http://secunia.com/advisories/11740
http://www.osvdb.org/6531
http://www.osvdb.org/6532
http://www.osvdb.org/6533
http://www.securityfocus.com/bid/10436
http://www.waraxe.us/index.php?modname=sa&id=31
https://exchange.xforce.ibmcloud.com/vulnerabilities/16283

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-10T04:00:00

Updated: 2024-08-08T01:15:01.351Z

Reserved: 2005-05-04T00:00:00

Link: CVE-2004-2042

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-05-29T04:00:00.000

Modified: 2017-07-11T01:31:34.797

Link: CVE-2004-2042

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-05-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "6532", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/6532"}, {"name": "6531", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/6531"}, {"tags": ["x_refsource_MISC"], "url": "http://www.waraxe.us/index.php?modname=sa&id=31"}, {"name": "10436", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10436"}, {"name": "e107-content-news-sql-injection(16283)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283"}, {"name": "11740", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/11740"}, {"name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108588043007224&w=2"}, {"name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=108586723116427&w=2"}, {"name": "6533", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/6533"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2042", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "6532", "refsource": "OSVDB", "url": "http://www.osvdb.org/6532"}, {"name": "6531", "refsource": "OSVDB", "url": "http://www.osvdb.org/6531"}, {"name": "http://www.waraxe.us/index.php?modname=sa&id=31", "refsource": "MISC", "url": "http://www.waraxe.us/index.php?modname=sa&id=31"}, {"name": "10436", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10436"}, {"name": "e107-content-news-sql-injection(16283)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283"}, {"name": "11740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11740"}, {"name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108588043007224&w=2"}, {"name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=108586723116427&w=2"}, {"name": "6533", "refsource": "OSVDB", "url": "http://www.osvdb.org/6533"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:15:01.351Z"}, "title": "CVE Program Container", "references": [{"name": "6532", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/6532"}, {"name": "6531", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/6531"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.waraxe.us/index.php?modname=sa&id=31"}, {"name": "10436", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10436"}, {"name": "e107-content-news-sql-injection(16283)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283"}, {"name": "11740", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/11740"}, {"name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108588043007224&w=2"}, {"name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=108586723116427&w=2"}, {"name": "6533", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/6533"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2042", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.351Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*", "matchCriteriaId": "BEAC1FD5-ECD1-480C-827E-F1AE8484C4EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*", "matchCriteriaId": "D17F613A-6BE1-4B45-8E40-8E44E0EEA756", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php."}], "id": "CVE-2004-2042", "lastModified": "2017-07-11T01:31:34.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-05-29T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108588043007224&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure&m=108586723116427&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/11740"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.osvdb.org/6531"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Tool Signature", "Vendor Advisory"], "url": "http://www.osvdb.org/6532"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.osvdb.org/6533"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10436"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.waraxe.us/index.php?modname=sa&id=31"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}