CVE-2002-1499

{"id": "CVE-2002-1499", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-04-02T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html", "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/archive/1/290021", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10000.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5600", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de SQL en FactoSystem CMS permite a atacantes remotos realizar actividades no autorizadas sobre la base de datos mediante\r\nel par\u00e1metro authornumber en author.asp\r\nel par\u00e1metro discussblurbid en discuss.asp\r\nel par\u00e1metro name en holdcomment.asp, y\r\nel par\u00e1metro email e holdcomment.asp"}], "lastModified": "2008-09-05T20:30:45.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:factosystem:factosystem_weblog:0.9b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28DE2021-421E-43DB-AC40-42250B80C4B3"}, {"criteria": "cpe:2.3:a:factosystem:factosystem_weblog:1.0_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D22DB23C-1B4D-4E13-8FF6-698477D93FD8"}, {"criteria": "cpe:2.3:a:factosystem:factosystem_weblog:1.1_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9811AF8-D769-473A-98ED-6A30E199C734"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}